Người đẹp

Thứ Ba, 30 tháng 7, 2013

XSS in Google Finance

On July 11 2013, I reported to Google Security a XSS vulnerability I discovered in google.commain domain, which required no user interaction.

It is due to a glitch in Google Finance, which is hosted on google.com/finance, that allows to trick the Javascript application for plotting charts (in particular, sourcefile /finance/f/sfe-opt.js) to load a file hosted on an external domain and eval()

Share this post

0 nhận xét

:)

:-)

:))

=))

:(

:-(

:((

:d

:-d

@-)

:p

:o

:>)

(o)

[-(

:-?

(p)

:-s

(m)

8-)

:-t

:-b

b-(

:-#

=p~

:-$

(b)

(f)

x-)

(k)

(h)

(c)

cheer

Posts RSS ∙ Comments RSS ∙ Back to top
Copyright © 2013 by CHIA SẼ VÌ CỘNG ĐỒNG ∙ Templated by Tin tuc 24h.
Tin tức thời sự cập nhật liên tục 24h từ các báo mạng uy tín Việt Nam.