Bugtraq mailing list archives
Re: google xss
From: pagvac <unknown.pentester () gmail com>
Date: Mon, 10 Apr 2006 20:40:18 +0100
Interesting that it's *not* choosing a tld different to ".com" that triggers the bug, but rather the language field ("hl"). In other words, if we change

[http://www.google.ae/search?hl=ar&q=<script>alert("1")</script>&meta=]

to

[http://www.google.com/search?hl=ar&q=<script>alert("1")</script>&meta=]

the bug *still* works, but it *stops* working when you change the language to English, for instance:

[http://www.google.com/search?hl=en&q=<script>alert("1")</script>&meta=]

Very nice observation. Good reminder that sometimes you don't need to go fancy using different encodings and so on. Sometimes, changing a simple field value can make a difference (such as in this case). Many people have tried really hard to find XSS bugs in the main English version of the Google search page (there are several examples that went public), but this guy was much smarter and tried something different (changing the language parameter in this case). Good post!

On 4/10/06, Andy Meyers <andy.meyers () hushmail com> wrote:
> My BlackICE stops this XSS from happening; however, changing the URL from a .ae domain to a .com and leaving the rest intact, I am then prompted.
>
> http://www.google.com/search?hl=ar&q=<script>alert("1")</script>&meta=
>
> Ashes
>
> -----Original Message-----
> From: almfnod () gawab com [mailto:almfnod () gawab com]
> Sent: Tuesday, April 04, 2006 2:35 PM
> To: bugtraq () securityfocus com
> Subject: google xss
>
> http://www.google.ae/search?hl=ar&q=<script>alert("1")</script>&meta=
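Added illustration, not code from the thread or from Google: one way the behaviour above (hl=ar reflects the query raw, hl=en does not) can arise is output encoding that lives on a locale-specific code path rather than at the output sink. The model below is constructed; the thread does not state the real root cause, and the renderer names and markup are assumptions.

```python
# Constructed model of locale-dependent output encoding (assumed cause, not
# Google's actual code). Shows the bug class beside the fix and a regression
# check that can be run over every supported hl value.
from html import escape
from urllib.parse import parse_qs, urlsplit


def parse_search_url(url: str) -> dict:
    """Pull the hl and q parameters out of a search URL (constructed helper)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {"hl": qs.get("hl", ["en"])[0], "q": qs.get("q", [""])[0]}


def render_vulnerable(hl: str, q: str) -> str:
    """Hypothetical buggy renderer: only the English code path escapes."""
    # Bug: every locale other than "en" skips escaping and echoes q verbatim.
    shown = escape(q, quote=True) if hl == "en" else q
    return f'<input name="q" value="{shown}"> <p>Results for {shown}</p>'


def render_fixed(hl: str, q: str) -> str:
    """Hardened renderer: escape at the HTML sink regardless of locale."""
    shown = escape(q, quote=True)
    return f'<input name="q" value="{shown}"> <p>Results for {shown}</p>'


def reflects_raw_markup(renderer, url: str) -> bool:
    """Regression check: True if the renderer echoes q's markup unescaped."""
    p = parse_search_url(url)
    has_markup = p["q"] != escape(p["q"], quote=True)  # plain queries never count
    return has_markup and p["q"] in renderer(p["hl"], p["q"])


if __name__ == "__main__":
    # The three URLs discussed in the thread, checked against both renderers.
    for url in (
        'http://www.google.ae/search?hl=ar&q=<script>alert("1")</script>&meta=',
        'http://www.google.com/search?hl=ar&q=<script>alert("1")</script>&meta=',
        'http://www.google.com/search?hl=en&q=<script>alert("1")</script>&meta=',
    ):
        print(url, "vulnerable:", reflects_raw_markup(render_vulnerable, url),
              "fixed:", reflects_raw_markup(render_fixed, url))
```

Running the check over the full list of hl values a site supports, not only the default locale, is the regression test this thread argues for.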
Current thread:
- google xss almfnod (Apr 09)
- RE: google xss Andy Meyers (Apr 10)
- Re: google xss Jim Ley (Apr 11)
- Re: google xss pagvac (Apr 11)
- Re: google xss Vladimir Levijev (Apr 13)
- RE: google xss Andy Meyers (Apr 10)