XSS on Google.com

Discussion in 'Forum for discussion of ANTICHAT' started by Fugitif, 3 Dec 2007.

  1. Fugitif

    Fugitif Elder - Старейшина

    Joined:
    23 Sep 2007
    Messages:
    408
    Likes Received:
    227
    Reputations:
    42
    To be more precise our link is http://finance.google.com

    Ok..My XSS alert is here:

    http://finance.google.com/finance/portfolio?action=add&hash

    How you see in the screen we need authentication.

    [​IMG]

    Good,I go inside with my account and now I try to add something on my
    Portofolio. I try to add something like this

    Code:
    "><script>alert(/XSS/)</script>
    OR: like this
    Code:
    "><script>alert(document.cookie)</script> 
    :)

    [​IMG]

    After I have put that string and I press the key "Add to portofolio" we
    can see the surprise

    [​IMG]


    That's all.
     
    22 people like this.
  2. Sn@k3

    Sn@k3 Elder - Старейшина

    Joined:
    13 Apr 2006
    Messages:
    1,138
    Likes Received:
    437
    Reputations:
    90
    no bad =), i found xss on such giants, as xakep.ru and it.com
     
    1 person likes this.
  3. .Slip

    .Slip Elder - Старейшина

    Joined:
    16 Jan 2006
    Messages:
    1,594
    Likes Received:
    976
    Reputations:
    783
    Sorry, but LOOOL:DDD
     
  4. tclover

    tclover nobody

    Joined:
    13 Dec 2005
    Messages:
    763
    Likes Received:
    682
    Reputations:
    287
    kill yourself against the wall
     
    1 person likes this.
  5. W!z@rD

    W!z@rD Борец за русский язык

    Joined:
    12 Feb 2006
    Messages:
    994
    Likes Received:
    289
    Reputations:
    43
    just heck, no more...
    may be google have a any sql injection?

    tclover ))))
     
  6. VERte][

    VERte][ Elder - Старейшина

    Joined:
    17 May 2007
    Messages:
    241
    Likes Received:
    163
    Reputations:
    32
    i'm not sure that xakep.ru is a giant, moreover it's popularity is rapidly decreasing now =)
     
    #6 VERte][, 3 Dec 2007
    Last edited: 3 Dec 2007
  7. inlanger

    inlanger Elder - Старейшина

    Joined:
    7 Jan 2007
    Messages:
    1,028
    Likes Received:
    286
    Reputations:
    27
    it's realy cool...
    get document.cookie is working!
     
  8. Roba

    Roba Banned

    Joined:
    24 Oct 2007
    Messages:
    241
    Likes Received:
    299
    Reputations:
    165
    otvety.google.ru

    My XSS alert is here:
    Code:
    https://forum.antichat.ru/thread55954.html
    =)))
     
    #8 Roba, 16 Dec 2007
    Last edited: 16 Dec 2007
    2 people like this.
  9. SKiMN

    SKiMN Elder - Старейшина

    Joined:
    21 Aug 2007
    Messages:
    18
    Likes Received:
    4
    Reputations:
    0
    Cool, but they closed that XSS
     
    #9 SKiMN, 25 Apr 2008
    Last edited by a moderator: 26 Apr 2008
Loading...