Chris Shiflett: Google XSS Example: "Wed, 21 Dec 2005
Google XSS Example
Related: Google's Cross-Site Scripting Vulnerability
In the comments to my previous blog post, Ivo Jansch asks:
To be able to comprehend how this may affect my website, could you explain how this could be exploited, even though you cannot demonstrate it?
Rather than offer another vague answer, I decided to provide a very simple proof of concept that demonstrates how character encoding inconsistencies can bite you. Google's vulnerability has of course been fixed, but with a simple PHP script, we can reproduce the situation"