This site is soon to be deprecated by http://www.johnleitch.net

Wednesday, September 30, 2009

Persistent XSS Vulnerability - Google.com

Here's a good one: Google Sidewiki has a type 2 (persistent) XSS vulnerability. When editing an entry (and possibly when adding one; I didn't test it), an HTTP proxy such as Fiddler can be used to alter the pagetitle field.



The code replacing the pagetitle value is as follows.
<<a>a onmouseout=alert(0)>a

The a tag is stripped out, but because only one pass is performed, the remaining characters form a new a tag.
<a onmouseout=alert(0)>a
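To make the single-pass problem concrete, here is an added example (not code from the post or from Google) that models a naive tag-stripping filter in Python, runs the post's pagetitle value through it, and shows two ways a defender closes the gap: repeating the strip until the output stops changing, and, the better option, not stripping at all but HTML-encoding the value for the context it is rendered in. The regular expression and function names are my own constructions, not anything from the real Sidewiki filter.

```python
import html
import re

# Constructed input: the pagetitle value described in the post.
PAYLOAD = "<<a>a onmouseout=alert(0)>a"

# Hypothetical tag matcher standing in for whatever the filter used.
TAG_RE = re.compile(r"</?[a-zA-Z][^>]*>")


def strip_tags_single_pass(value: str) -> str:
    """The flawed approach: remove tags once and trust the result.

    On PAYLOAD this deletes the inner '<a>' and leaves
    '<a onmouseout=alert(0)>a', a brand new tag.
    """
    return TAG_RE.sub("", value)


def strip_tags_until_stable(value: str) -> str:
    """Repeat stripping until a pass changes nothing.

    Removing one tag can expose another, so a sanitizer that strips must
    iterate to a fixed point rather than stopping after one pass.
    """
    previous = None
    while previous != value:
        previous = value
        value = TAG_RE.sub("", value)
    return value


def escape_for_html(value: str) -> str:
    """Preferred fix: encode for the output context instead of stripping.

    Every '<', '>', '&' and quote becomes an entity, so nothing the user
    supplied can be parsed as markup no matter how it is nested.
    """
    return html.escape(value, quote=True)


def contains_tag(value: str) -> bool:
    """Check used below to show which outputs still carry a tag."""
    return TAG_RE.search(value) is not None


if __name__ == "__main__":
    for name, func in [
        ("single pass", strip_tags_single_pass),
        ("until stable", strip_tags_until_stable),
        ("escaped", escape_for_html),
    ]:
        result = func(PAYLOAD)
        print(f"{name:12s} -> {result!r}  tag left: {contains_tag(result)}")
```

Running it shows the single-pass filter emitting exactly the tag the post describes, while both the fixed-point strip and the encoded output contain no tag. Encoding is the right default because it does not depend on guessing every way stripped fragments can recombine.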

The result is a profile page that renders the injected script.



http://www.google.com/profiles/108489460074237220044?hl=en#sidewiki
