Wednesday, April 19, 2006

Google HTML Injection

Google had an HTML injection bug... it’s now fixed. Before, you could access this URL and see a JavaScript alert (one you injected into the page, which can be abused for XSS, cross-site scripting). This security hole, as discussed on SecurityFocus, has been closed, possibly due to pointers sent to security@google.com. HTML injections are very common on many websites, but I was surprised to see this at Google.com.

Google HTML Injection by Philipp Lenssen | Comments (1)

>> More posts

Advertisement