Contributors
Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security ) [Project Leader]

The Web Hacking Incidents Database
Last update:07 November 2007

Incident WHID 2005-56

WHID 2005-56: XSS vulnerabilities in Google.com
Date: 21 December 2005
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Cross-site Scripting

A redirection to an error page on Google.com includes values sent by the the user. This vulnerability allows phishers to send an e-mail with links to Google that will include their attack page.

References:



This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
© Copyright 2005, Web Application Security Consortium. All rights reserved.