Webmaster Forum - View Single Post - Google Toolbar About.HTML HTML Injection Vulnerability

imaginemn · 09-21-2004, 06:38 AM

It's with the toolbar itself. If you copy the code and save it as an html file then open the html file you will see the vulnerability. I did not discover this flaw. Since this is a newly discovered issue I am not sure the full extent of the damage that could be caused. The code provided will only do a javascript alert window to prove concept. It affects Google Toolbar 1.1.41 through Google Toolbar 2.0.114 .1 versions.

This is an issue that was recently discovered on September 17 and being discussed at a corporate security briefing I was attending due to some security alerts I received.

I meant to post some links that confirms this.

http://www.securityfocus.com/bid/11210
http://www.securitytracker.com/alert...p/1011351.html

imaginemn

09-21-2004, 06:38 AM	#3 (permalink)
imaginemn v7n Mentor Join Date: 02-18-04 Location: Minneapolis, Minnesota Posts: 1,941 iTrader: 0 / 0% Latest Blog: Summer web design special!!	It's with the toolbar itself. If you copy the code and save it as an html file then open the html file you will see the vulnerability. I did not discover this flaw. Since this is a newly discovered issue I am not sure the full extent of the damage that could be caused. The code provided will only do a javascript alert window to prove concept. It affects Google Toolbar 1.1.41 through Google Toolbar 2.0.114 .1 versions. This is an issue that was recently discovered on September 17 and being discussed at a corporate security briefing I was attending due to some security alerts I received. I meant to post some links that confirms this. http://www.securityfocus.com/bid/11210 http://www.securitytracker.com/alert...p/1011351.html imaginemn __________________ Imagine Creative Services Design : Marketing : Multimedia : More