Friday, September 21, 2007

Oops: Another XSS In Google Search Appliance

RSnake writes on ha.ckers.org:

Google’s search appliance appears to be vulnerable to another XSS vulnerability, according to Mustlive’s disclosure. It comes complete with a Google dork. Not good. Mustlive has contacted Google, who to my knowledge has not let their customers know that they are vulnerable - if I’m wrong, someone please correct me.

Here are a few examples: gsa.icann.org and search.york.ac.uk.

This obviously puts any site that uses Google’s search appliance with this particular vulnerability in it at risk (there are, as of this writing 186,000 listings on the Google dork). Time to patch up - once Google comes out with one, that is.

More here.

0 Comments:

Post a Comment

<< Home