An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to

November 20, 2006

XSS Vulnerability in Google Search Appliance

Maluc found a cross-site scripting vulnerability in Google Search Appliance, a box that indexes documents from intranet and web sites. If you set the output encoding to UTF-7, the appliance doesn't validate the query and you can pass JavaScript.

Here's one example for Stanford's site that uses Google Search Appliance:

No comments:

Post a Comment