Форум АНТИЧАТ - XSS on Google.com

Форум АНТИЧАТ (https://forum.antichat.xyz/index.php)

- Forum for discussion of ANTICHAT (https://forum.antichat.xyz/forumdisplay.php?f=72)

- - XSS on Google.com (https://forum.antichat.xyz/showthread.php?t=54914)

XSS on Google.com

To be more precise our link is http://finance.google.com

Ok..My XSS alert is here:

http://finance.google.com/finance/po...ction=add&hash

How you see in the screen we need authentication.

http://funkyimg.com/u/48650google1JPG.jpg

Good,I go inside with my account and now I try to add something on my
Portofolio. I try to add something like this

Код:

"><script>alert(/XSS/)</script>

OR: like this

Код:

"><script>alert(document.cookie)</script>

:)

http://funkyimg.com/u/32647google2JPG.jpg

After I have put that string and I press the key "Add to portofolio" we
can see the surprise

http://funkyimg.com/u/73997google3JPG.jpg

That's all.

no bad =), i found xss on such giants, as xakep.ru and it.com

Цитата:

Сообщение от Sn@k3

no bad =), i found xss on such giants, as xakep.ru and it.com

Sorry, but LOOOL:DDD

Цитата:

no bad =), i found xss on such giants, as xakep.ru and it.com

kill yourself against the wall

just heck, no more...
may be google have a any sql injection?

tclover ))))

i'm not sure that xakep.ru is a giant, moreover it's popularity is rapidly decreasing now =)

it's realy cool...
get document.cookie is working!

otvety.google.ru

My XSS alert is here:

Код:

https://forum.antichat.ru/thread55954.html

=)))

Cool, but they closed that XSS