Cross Site Scripting Discovered in Google

← Back to Stories (view on slashdot.org)

Cross Site Scripting Discovered in Google

Posted by CmdrTaco on Wednesday December 21, 2005 @03:13AM from the hate-when-that-happens dept.

Security Test writes "Yair Amit posted a message early this morning to The Web Security Mailing List outlining a Cross Site Scripting flaw in Google that allows an attacker to carry out Phishing Attacks."

6 of 158 comments (clear)

Min score:

Reason:

Sort:

FRISTY PSOT!!!! by Anonymous Coward · 2005-12-21 03:15 · Score: -1, Troll

FRISTY PSOT!!!! Micro$o$$ can't buy one of theze for they're $-box!!!!!
You FaiL It by Anonymous Coward · 2005-12-21 03:28 · Score: -1, Troll

to thE original
MS anyone? by CDPatten · 2005-12-21 03:40 · Score: -1, Troll

first screwing the authors/copyright law with google print, next buying aol, and now big security holes.

Is google tring to be evil like MS?
Re:What bullshit... - Are you out of your mind??? by ninja_assault_kitten · 2005-12-21 03:42 · Score: 1, Troll

I have and it's not serious. At best it's a medium risk. It's not like you can exploit the XSS vul without any user intervention. You still have to get the user to go to the malicious URL. That immediately says to me, 'not serious'. But I guess you're down with infosec marketing propaganda.

Do you work for Watchfire by chance?
Google is my Bitch by Anonymous Coward · 2005-12-21 04:01 · Score: -1, Troll

I always suspected. I've been running a project I call Google is My Bitch. It shows promising results, and the other major engines are keeping pace, but I've aimed the project toward the uber-secretive GoogleBot engine.
Re:but this was resolved three weeks ago. by Nutria · 2005-12-21 04:03 · Score: 0, Troll

Europeans and their 12-day-long 31-month years...Sheesh!

Dammit! They should be more like Us!

--
"I don't know, therefore Aliens" Wafflebox1