April 10, 2025 09:01:04 PM Menu

Latest

11:02 PM IDM Internet Download Manager 6.19 Build 8 Serial Keys Free Download

Home » XSS » XSS in Google Finance

XSS in Google Finance

On July 11 2013, I reported to Google Security a XSS vulnerability I discovered in google.commain domain, which required no user interaction.

It is due to a glitch in Google Finance, which is hosted on google.com/finance, that allows to trick the Javascript application for plotting charts (in particular, sourcefile /finance/f/sfe-opt.js) to load a file hosted on an external domain and eval()

30 Jul 2013

Related Posts

Yahoo Advertising Service vulnerable to XSS attacks
21 Jun 20130
Yahoo! Advertising Service has is vulnerable to cross-site scripting security bugs, discovered by So...Read more »
How to Hack Websites - Cross Site Scripting (XSS)
22 Apr 20120
Some of the interesting tutorials from the web on Cross Site Scripting attacks. (http://en.wikipedia...Read more »

0 comments:

Post a Comment

WELLCOME MY WEB

:))

;((

:-)

=))

;-(

:-d

@-)

:>)

(o)

[-(

:-?

(p)

:-s

(m)

8-)

:-t

:-b

b-(

:-#

=p~

$-)

(b)

(f)

x-)

(k)

(h)

(c)

cheer

Click to see the code!
To insert emoticon you must added at least one space before the code.

Subscribe to: Post Comments (Atom)

Top