google-utf7xss.txt

Posted Dec 29, 2007
Authored by Yosuke HASEGAWA

Google suffered from a cross site scripting vulnerability via UTF-7.

tags | exploit, xss
SHA-256 | 16145040a7cac6e9c01f87901218be0de9bde0bb5338026746f2d8aaaf137f14

XSS with UTF-7 in Google

XSS with UTF-7 was found in www.google.com (already fixed).
Although a charset was specified in the HTTP response header, the
charset name was incorrect, so XSS occurred.

PoC:
http://www.google.com/search?hl=en&oe=cp932&q=%2BADw-script%2BAD4-alert(document.cookie)%2BADsAPA-/script%2BAD4-%2BACI-

The output charset "cp932" is selected with the "oe" parameter, so the
HTTP response header and the <meta> tag in the HTML from Google look like this:
--
Content-Type: text/html; charset=CP932
--
<meta http-equiv=content-type content="text/html; charset=CP932">
--

"cp932" is a name similar to that of the Shift_JIS encoding, but it is
not registered as a valid charset name for IE. IE recognizes only the
charset names hardcoded in MLang.dll, such as "Shift_JIS", "EUC-JP",
"EUC-KR", "UTF-8" and so on.

Therefore, IE's automatic encoding detection takes over, and it detects
the page as "UTF-7".

Typical incorrect charset names in Japanese web pages are the following:

utf8 - Idiomatic spelling of "UTF-8" with the hyphen dropped.
euc - Idiomatic spelling of "EUC-JP"
jis - Idiomatic spelling of "ISO-2022-JP"
MS932 / MS932 / CP942C - Java names for encodings comparable to Shift_JIS
Windows-31J - IANA-registered name for Codepage 932, but not
registered in Windows.
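The two defensive checks this advisory implies are (1) that the charset name a response declares is one the browser will actually honour, rather than one of the mislabels listed above, and (2) that a body served under a non-honoured label does not already carry UTF-7 shift sequences that decode to markup. The following Python is an added example written for this page, not code from the advisory's author or from Google. It assumes a short whitelist standing in for MLang.dll's real table, assumes that cp932/MS932/CP942C/Windows-31J are all meant to denote Shift_JIS, and uses a constructed response that reflects the PoC query under the advisory's `charset=CP932` header.

```python
import codecs
import re

# Charset names IE's MLang.dll accepts, per the advisory, plus two common
# Western ones. Assumption: this short whitelist stands in for the real
# hardcoded table, which is much longer.
KNOWN_CHARSETS = {
    "shift_jis": "Shift_JIS",
    "euc-jp": "EUC-JP",
    "iso-2022-jp": "ISO-2022-JP",
    "euc-kr": "EUC-KR",
    "utf-8": "UTF-8",
    "iso-8859-1": "ISO-8859-1",
}

# Mislabels from the advisory's list, mapped to the encoding the author says
# each one is meant to denote. Assumption: the four Codepage-932 spellings are
# treated as intending Shift_JIS.
MISLABELS = {
    "utf8": "UTF-8",
    "euc": "EUC-JP",
    "jis": "ISO-2022-JP",
    "cp932": "Shift_JIS",
    "ms932": "Shift_JIS",
    "cp942c": "Shift_JIS",
    "windows-31j": "Shift_JIS",
}

_CHARSET_RE = re.compile(r"charset\s*=\s*\"?([A-Za-z0-9_\-]+)", re.IGNORECASE)
_META_RE = re.compile(rb"<meta[^>]+charset\s*=\s*([A-Za-z0-9_\-]+)", re.IGNORECASE)
# A UTF-7 shift sequence: '+' then modified base64, optionally closed by '-'.
_UTF7_RE = re.compile(r"\+[A-Za-z0-9+/]*-?")

# Constructed sample: the advisory's header and a page reflecting the PoC query.
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=CP932"}
SAMPLE_BODY = (
    b'<meta http-equiv=content-type content="text/html; charset=CP932">'
    b"<p>+ADw-script+AD4-alert(document.cookie)+ADsAPA-/script+AD4-+ACI-</p>"
)


def charset_from_content_type(value):
    """Return the charset parameter of a Content-Type value, or None."""
    m = _CHARSET_RE.search(value or "")
    return m.group(1) if m else None


def classify_charset(name):
    """Classify a declared charset as ('ok'|'mislabeled'|'unknown'|'missing', canonical)."""
    if not name:
        return ("missing", None)
    key = name.lower()
    if key in KNOWN_CHARSETS:
        return ("ok", KNOWN_CHARSETS[key])
    if key in MISLABELS:
        return ("mislabeled", MISLABELS[key])
    return ("unknown", None)


def utf7_markup_fragments(body):
    """Decode each UTF-7 shift sequence in body; return those yielding markup characters."""
    text = body.decode("ascii", errors="replace")
    found = []
    for m in _UTF7_RE.finditer(text):
        seq = m.group(0)
        if len(seq) < 3:
            continue  # a literal "+-" or a lone '+': cannot carry a character
        try:
            decoded = codecs.decode(seq.encode("ascii"), "utf-7")
        except UnicodeDecodeError:
            continue  # stray '+' followed by data that is not valid UTF-7
        if any(c in decoded for c in "<>\"'"):
            found.append(decoded)
    return found


def audit_response(headers, body):
    """Report whether the declared charset would let a browser fall back to sniffing,
    and whether the body already carries UTF-7-encoded markup."""
    declared = charset_from_content_type(headers.get("Content-Type"))
    if declared is None:  # fall back to the <meta> tag, as a browser would
        m = _META_RE.search(body)
        declared = m.group(1).decode("ascii") if m else None
    status, canonical = classify_charset(declared)
    sniffable = status != "ok"
    return {
        "declared": declared,
        "status": status,
        "suggested": canonical,
        "sniffable": sniffable,
        "utf7_markup": utf7_markup_fragments(body) if sniffable else [],
    }


if __name__ == "__main__":
    print(audit_response(SAMPLE_HEADERS, SAMPLE_BODY))
```

Run against the constructed sample, the audit reports the label as mislabeled (suggesting Shift_JIS) and lists the decoded fragments `<`, `>`, `;<`, `>` and `"`, which is exactly the markup the browser would see once it sniffs UTF-7; with `charset=UTF-8` the same body is reported as not sniffable and no decoding is attempted. The same UTF-7 decode can be applied to request parameters at the point where they are reflected, which is where the fix belongs.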

Status:
Apr 17 2007
Reported to Google via IPA/ISEC <http://www.ipa.go.jp/security/index-e.html>
Dec 26 2007
Received a reply from Google via IPA/ISEC that it was fixed.
