Full Disclosure mailing list archives
Re: Google persistent xss and another security bug
From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Fri, 7 Jan 2011 15:55:44 +0800
Nice find http://www.google.com/search?q=<script>alert(xss Payload must be short within the description length. LinkedIn</a></h3><div class="f">Libia - "><script>alert("XSS");</script> at "><script>alert("XSS");</script></div><div class="s">View ">'s professional profile on LinkedIn. LinkedIn is the world's largest <br> business network, helping professionals like "> discover inside connections to <br> <b>...</b><br><div><cite>www.linkedin.com/pub/%2522-script-ale... On Fri, Jan 7, 2011 at 11:17 AM, sec yun <root () wooyun org> wrote:
Some one has reported security flaws about Google on wooyun 1 Google exploit by malicious software http://www.wooyun.org/bugs/wooyun-2010-0518 2 Google persistent xss http://www.wooyun.org/bugs/wooyun-2010-01055 (Credit to http://www.wooyun.org/whitehats/SnowGZ ) Tested on ie6 Google persistent xss is very funny,it looks like when the agent is IE6,Google will come to a different logic which will cause a persistent xss attack. WooYun is a connection platform for vendors and security researchers :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google persistent xss and another security bug sec yun (Jan 06)
- Re: Google persistent xss and another security bug Jacky Jack (Jan 06)