I gave this title just to get more views to it. I have found another XSS vulnerability in Google login pages. Have a look at it before it gets fixed. I have pasted the code below, which you will need to run in your address bar, and have fun!

Code: https://www.google.com/accounts/ServiceLoginAuth?service=jotspot&continue=http%3A%2F%2Fsites.google.com%2F%3Fhl%3Dfr&service=jotspot&ul=1&ul=1&sulf=1&UniversalLoginEmail=%22%27%2F%3E%3Cscript%3Ealert(%27Xssed%20by%20Indian%20Sword%27)%3C%2Fscript%3E&uls=Valider

P.S.: I've already reported it to Google, so it'd be fixed soon.
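Added example, not part of the original post and not Google's code: a hypothetical login-form renderer that reflects the `UniversalLoginEmail` parameter into an input's `value` attribute, first without encoding and then with attribute-context escaping. The `Email` field name, the function names and the trimmed query string are assumptions made for illustration.

```javascript
// Constructed sample input: the query string from the post, trimmed to the
// parameters that matter for the reflection.
const SAMPLE_QUERY =
  "service=jotspot&ul=1&UniversalLoginEmail=%22%27%2F%3E%3Cscript%3E" +
  "alert(%27Xssed%20by%20Indian%20Sword%27)%3C%2Fscript%3E&uls=Valider";

// What the server sees after URL decoding.
function reflectedEmail(query = SAMPLE_QUERY) {
  return new URLSearchParams(query).get("UniversalLoginEmail");
}

// Hypothetical renderer with the bug: the value is pasted into the
// attribute unchanged, so a quote in the input ends the attribute early.
function renderEmailFieldUnsafe(email) {
  return `<input type="text" name="Email" value="${email}">`;
}

// Encode every character that can close an attribute value or open a tag.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtmlAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hardened renderer: same markup, value encoded for the attribute context.
function renderEmailFieldSafe(email) {
  return `<input type="text" name="Email" value="${escapeHtmlAttr(email)}">`;
}

// Rough check of how many tags the markup opens or closes. The renderer
// is meant to emit exactly one (<input>); more means the value escaped
// its attribute and became markup.
function countTagOpeners(html) {
  return (html.match(/<[a-zA-Z\/]/g) || []).length;
}

const email = reflectedEmail();
console.log("decoded value :", email);
console.log("unsafe markup :", renderEmailFieldUnsafe(email),
            "->", countTagOpeners(renderEmailFieldUnsafe(email)), "tags");
console.log("safe markup   :", renderEmailFieldSafe(email),
            "->", countTagOpeners(renderEmailFieldSafe(email)), "tag");
```

Encoding at output time is what closes the hole; rejecting values that do not look like an e-mail address before rendering is a useful second layer, not a replacement.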
lol, are you doubting me? I ain't gonna steal nothing. If you still doubt, then clear your cookies and then check: it will create another MANUAL box in GMAIL's main page. As you see, it is NOT some PHISHING SH81, because the address starts with "google.com".
You're talking about OUTPUT!? Right now I made another box below the login box just to make you guys understand. Now, I can just remove that box and make Gmail look the way it usually looks, and at the end I can add a script to steal the cookies, and for that particular script I can use "charcode[]" and hex the script so no one would understand it. If you remember the XSS worm in Orkut albums, the Orkut worm ALONE stole more than 45,000 IDs in just about 5 hours. And this thing is ENTIRE GOOGLE, including AdSense, Orkut, Gmail, etc. Yeah, one more thing: this vBulletin reputation system SUCKS!
Agreed that Google Accounts could be in trouble, but I guess they should have fixed it by now, but I still see it's not.
lol, I love it. Because SQL injection, shells, everything else is just a certain way to be followed, you know... If you get a vulnerable site, then you follow the STANDARD STEPS. XSS is something which totally depends on your skills and imagination. YOU have to work on it to MAKE a website vulnerable. So I like it because it's you who makes the site vulnerable, unlike others where PRE-KNOWN vulnerable sites are hacked.
I think that Google's SO-CALLED engineers aren't working on it because no serious hack has been executed so far. Now, the BLACK HAT guy inside me is encouraging me to do something wrong, LOL. I have days off on Friday and Saturday; probably I would do something which will get their attention to it.
lol that's it? After all the frustration they caused you for not appreciating your help and not getting back to you in a timely manner, they just say "thanks, we're working on it"? lol
He at least got the reply, and there are 100s or 1000s of them waiting for a reply from Google these days.
indiansword, congratulations on that great find, my friend. XSS-vulnerable sites are more common than people think. Even though it should be fixed by now, it reaffirms what I always said... there are lots of talented people in this forum, and I include our admin Shabbir. Props to you and my respect.