Re: google xss

["Vladimir Levijev" <vladimir.levijev () gmail com>]

On 4/10/06, pagvac <unknown.pentester () gmail com> wrote:

> Very nice observation. Good reminder that sometimes you don't need to
> go fancy using different encodings and so on. Sometimes, changing a
> simple field value can make a difference (such as in this case). Many
> people have tried really hard to find XSS bugs in the main English
> version of the Google search page (there are several examples that
> went public), but this guy was much smarter and tried something
> different (changing the language parameter in this case).

Yesterday this worked for me and I disabled script for google.com .
Today I enabled the script for google and tested it again. I could not
reproduce it! Seems google has fixed this bug. Correct me if I'm
wrong. For now I have enabled script back for google.

Regards,

--
[vl@dimir]#