Google's finance site is vulnerable to a persistent cross site scripting vulnerability.
8330b46af3014f1ec0e3ccbc84fcccc442bc6741ac0e3be21f255a7e73002873I am Fugitif and on this small tutorial I want to show you how can work one
vulnerable XSS Alert Bug on Google.com.
To be more precise our link is http://finance.google.com
Ok..My XSS alert is here
http://finance.google.com/finance/portfolio?action=add&hash
How you see in the screen we need authentication.
[img]http://funkyimg.com/u/48650google1JPG.jpg[/img]
Good,I go inside with my account and now I try to add something on my
Portofolio. I try to add something like this
"><script>alert(/XSS/)</script> OR: like this "><script>alert(
document.cookie)</script> :)
[img]http://funkyimg.com/u/32647google2JPG.jpg[/img]
After I have put that string and I press the key "Add to portofolio" we
can see the surprise
[img]http://funkyimg.com/u/73997google3JPG.jpg[/img]
That's all...We hope this bug can be fixed soon!
/Fugitif t3am3lit3@gmail.com www.nemesis.te-home.net
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed