Yet More Google Security Failures

Google are still failing to keep even their flagship google.com domain secure from Cross Site Scripting attacks; the flaw allows arbitrary code insertion into google.com. See Google's new pay search service (not really, of course, just my credit card form!). The flaw appears to be a failure to clean the characters in a book result search. It's a trivial flaw that every Google employee should know about, yet the same class of flaws keeps getting produced. Google developers and Google testers would appear to be uninterested in security, not even bothering to test for flaws that they've found before.

Comments

  1. jim Says:
    I've updated the link to a google.com one, which shows the book search more reliably than the previous Arabic method; this was thanks to Christopher Schmidt.
  2. Jibbering Musings » Google Flaw not fixed, GMail contact stealing demo Says:
    [...] Despite the flaw being announced a long time ago, the Google Book search flaw is still broken. It’s surprising that Google aren’t taking it more seriously; this one is very easy to use to automate a user’s GMail account, stealing contacts, or sending email if they are logged into Google when they’re tricked into visiting such a page. [...]