Tuesday, January 17, 2006

Chris Shiflett: Google XSS Example

"Wed, 21 Dec 2005
Google XSS Example

Related: Google's Cross-Site Scripting Vulnerability

In the comments to my previous blog post, Ivo Jansch asks:

To be able to comprehend how this may affect my website, could you explain how this could be exploited, even though you cannot demonstrate it?

Rather than offer another vague answer, I decided to provide a very simple proof of concept that demonstrates how character encoding inconsistencies can bite you. Google's vulnerability has of course been fixed, but with a simple PHP script, we can reproduce the situation"
