Home / os / solaris

gfinance-xss.txt

Posted on 03 December 2007

I am Fugitif and on this small tutorial I want to show you how can work one vulnerable XSS Alert Bug on Google.com. To be more precise our link is http://finance.google.com Ok..My XSS alert is here http://finance.google.com/finance/portfolio?action=add&hash How you see in the screen we need authentication. [img]http://funkyimg.com/u/48650google1JPG.jpg[/img] Good,I go inside with my account and now I try to add something on my Portofolio. I try to add something like this "><script>alert(/XSS/)</script> OR: like this "><script>alert( document.cookie)</script> :) [img]http://funkyimg.com/u/32647google2JPG.jpg[/img] After I have put that string and I press the key "Add to portofolio" we can see the surprise [img]http://funkyimg.com/u/73997google3JPG.jpg[/img] That's all...We hope this bug can be fixed soon! /Fugitif t3am3lit3@gmail.com www.nemesis.te-home.net

 

TOP