View full version: XSS on Google.com


Fugitif
03.12.2007, 02:39
To be more precise, our link is http://finance.google.com

OK. My XSS alert is here:

http://finance.google.com/finance/portfolio?action=add&hash

As you can see on the screen, we need authentication.

http://funkyimg.com/u/48650google1JPG.jpg

Good, I go inside with my account and now I try to add something to my
portfolio. I try to add something like this

"><script>alert(/XSS/)</script> OR: like this "><script>alert(document.cookie)</script> :)

http://funkyimg.com/u/32647google2JPG.jpg

After I have put in that string and pressed the "Add to portfolio" button, we
can see the surprise

http://funkyimg.com/u/73997google3JPG.jpg


That's all.
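
The string in the post above starts with `">`, which closes a quoted attribute value and the tag around it, so whatever follows is parsed as new markup. The sketch below is an added example, not part of the original post and not Google's code: the form field, `renderUnsafe`, `renderSafe` and `hasInjectedTag` are hypothetical names that contrast raw concatenation into an attribute with HTML-escaped output.

```javascript
// Added illustration. The <input> markup and all function names are assumptions.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESC[ch]);
}

// Vulnerable pattern: user input concatenated into a quoted attribute as-is.
function renderUnsafe(name) {
  return '<input type="text" name="pname" value="' + name + '">';
}

// Hardened pattern: the same template, with the value escaped on output.
function renderSafe(name) {
  return '<input type="text" name="pname" value="' + escapeHtml(name) + '">';
}

// Regression check: the rendered fragment must contain exactly one tag,
// the <input> itself. Any extra tag means the value escaped its attribute.
function hasInjectedTag(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.length !== 1 || !/^<input\b/i.test(tags[0]);
}

// The string quoted in the post, used here only as test input.
const sample = '"><script>alert(/XSS/)</script>';
console.log(hasInjectedTag(renderUnsafe(sample))); // true
console.log(hasInjectedTag(renderSafe(sample)));   // false
console.log(renderSafe(sample));
```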

Sn@k3
03.12.2007, 11:48
Not bad =), I found XSS on such giants as xakep.ru and it.com

.Slip
03.12.2007, 14:30
Not bad =), I found XSS on such giants as xakep.ru and it.com
Sorry, but LOOOL:DDD

tclover
03.12.2007, 15:23
Not bad =), I found XSS on such giants as xakep.ru and it.com
kill yourself against the wall

W!z@rD
03.12.2007, 18:43
just heck, no more...
maybe Google has any SQL injection?

tclover ))))

VERte][
03.12.2007, 23:09
I'm not sure that xakep.ru is a giant; moreover, its popularity is rapidly decreasing now =)

inlanger
04.12.2007, 00:49
It's really cool...
Getting document.cookie is working!

ZAMUT
16.12.2007, 22:30
otvety.google.ru

My XSS alert is here:
https://forum.antichat.ru/thread55954.html =)))

SKiMN
25.04.2008, 13:17
Cool, but they closed that XSS