Bugtraq mailing list archives
Re: google xss
From: "Vladimir Levijev" <vladimir.levijev () gmail com>
Date: Wed, 12 Apr 2006 15:34:55 +0300
On 4/10/06, pagvac <unknown.pentester () gmail com> wrote:
Very nice observation. Good reminder that sometimes you don't need to go fancy using different encodings and so on. Sometimes, changing a simple field value can make a difference (such as in this case). Many people have tried really hard to find XSS bugs in the main English version of the Google search page (there are several examples that went public), but this guy was much smarter and tried something different (changing the language parameter in this case).
Yesterday this worked for me and I disabled script for google.com . Today I enabled the script for google and tested it again. I could not reproduce it! Seems google has fixed this bug. Correct me if I'm wrong. For now I have enabled script back for google. Regards, -- [vl@dimir]#
Current thread:
- google xss almfnod (Apr 09)
- RE: google xss Andy Meyers (Apr 10)
- Re: google xss Jim Ley (Apr 11)
- Re: google xss pagvac (Apr 11)
- Re: google xss Vladimir Levijev (Apr 13)
- RE: google xss Andy Meyers (Apr 10)