googlecustom-xss.txt

googlecustom-xss.txt: Posted Aug 8, 2007; Authored by Lostmon | Site lostmon.blogspot.com; Google's custom search engine suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | f055badf6c13861932c4e808371522508f461a1dff85f24b1da694f6a17d4485; Download | Favorite | View

googlecustom-xss.txt

#####################################################
Google custom search engine contributors invite XSS
Vendor url: http://www.google.com
Product Url: http://www.google.com/coop/cse/
Advisore url:http://lostmon.blogspot.com/2007/08/
google-custom-search-engine.html
Vendor notify :yes vendor confirmed: yes Fixed: YES
#####################################################

Description:

A Custom Search Engine is a tailored search experience,
built using Google's core search technology, which
prioritizes or restricts search results based on websites
and pages that you specify, and which can be tailored to
reflect your point of view or area of expertise.

Google Custom search Engine have a flaw that allows a remote
cross site scripting attack.This flaw exists because the
application does not validate multiple params upon submission
to multiple scripts.This could allow a user to create a specially
invite that would execute arbitrary code in a user's browser
within the trust relationship between the browser and the server,
leading to a loss of integrity.

################
timeline
###############

discovered: 31-07-2007
vendor notifY 31-07-2007
vendor response:31-07-2007
vendor fix:07-08-2007 (i test it today)
disclosure:07-08-2007

####################
explanation
###################

See this screen Shoot :

http://usuarios.lycos.es/reyfuss/xss/images/Google_custom_search_engine.jpg

Go to

http://www.google.com/coop/manage/cse/collaboration?cx=[tokem-of search engine]

and in 'Add a personal note to the invitation' write some javascript
or html code and them click on 'invite preview'
this code is execute...

Also the form convert to hexa with semicoloms to html :


it works transform to html code , but it does not execute it :)

we can try to convert it in decimal values and it show too the
html without execute it.
Only works with 'simple' html

######################### €nd ########################

Thnx To estrella To be my ligth
Thnx to all Lostmon Team !!


-- 
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

Top Authors In Last 30 Days

Red Hat 251 files
indoushka 155 files
Ubuntu 91 files
Gentoo 32 files
Debian 21 files
LiquidWorm 14 files
Apple 11 files
malvuln 8 files
Google Security Research 7 files
verylazytech 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,140)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,531)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,026)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,914)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

googlecustom-xss.txt

googlecustom-xss.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

googlecustom-xss.txt

Share This

googlecustom-xss.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems