October 19th, 2004, 06:58 PM
Google XSS, phishing
being inserted into the url of the image, allowing malicious users to modify
the content of the google page allowing in phishing attacks, or silently
steal search terms/results/clicks or modify actual searches to always
contain controlled results. With Googles trusted status, the risk is almost
This may not be very harmful except for phishing attacks, but why wouldn't google fix it regardless? Last thing Google needs is a reputation of late bug fixes, considering the expansion of services it is currently going through.
The exploit has been public for over 2 years, and google have been informed
on multiple occasions.
Hmmmm..... Gmail cookies and XSS? Any possible problems with saved passwords? Gmail doesn't have a /custom interface does it?
October 21st, 2004, 12:21 PM
And anybody tried gmailnotifier? just the kind of power google got into ur desktops..
may be google want some bugs to remain, and they can do anything they like saying its a bug
October 21st, 2004, 12:55 PM
Soda, doesn't seem to work on my (win98 IE6) test box..
I'm not paranoid.. but is this a google flaw or a IE flaw ??
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio
the best station for C64 Remixes !
October 21st, 2004, 03:38 PM
Looks like they fixed it, because I can't get it to work anymore, on anything.
October 21st, 2004, 03:42 PM
You're the man SodaP. Your post caused them to fix it .