So, today I found an XSS in Google's vulnerability submission form ! OMG Really ? Well...sort of :) It's actually an Easter-egg by Google. I love Google for million reasons, and one of the many reasons is when it comes to innovative humor no one beats Goog ! This one is probably the best Easter-egg by Google this year.
Try all the variants too:
- https://www.google.com/appserve/security-bugs/new?rl=%3Cscript%3Ealert(43)%3C/script%3E
- https://www.google.com/appserve/security-bugs/new?rl=%3Cscript%3Ealert('xss')%3C/script%3E
- https://www.google.com/appserve/security-bugs/new?rl=%3Cscript%3Ealert(document.domain)%3C/script%3E
- https://www.google.com/appserve/security-bugs/new?rl=<script>alert(document.cookie)</script>
Pretty cool huh! Under the hood the below JavaScript code does the job:
PACKED
eval(function (p, a, c, k, e, r) {
e = function (c) {
return c.toString(a)
};
if (!''.replace(/^/, String)) {
while (c--)
r[e(c)] = k[c] || e(c);
k = [function (e) {
return r[e]
}
];
e = function () {
return '\\w+'
};
c = 1
};
while (c--)
if (k[c])
p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c]);
return p
}
('5(4.3.6(/2\\([\'"]a[\'"]\\)/))2(\'c\');7 5(4.3.6(/2\\([0-9]/))2(b);7 5(4.3.6(/2\\(8.d/))2(\'q.0.0.1\');7 5(4.3.6(/2\\(8.f/))4.3=\'g://h.i/j/k-l-m-n-o/p.e\';', 27, 27, '||alert|href|location|if|match|else|document||xss|42|excesses|domain|aspx|cookie|http|allrecipes|com|Recipe|Beths|Spicy|Oatmeal|Raisin|Cookies|Detail|127'.split('|'), 0, {}));
})();
UNPACKED
eval if (location.href.match(/alert\(['"]xss['"]\)/))
alert('excesses');
else if (location.href.match(/alert\([0-9]/))
alert(42);
else if (location.href.match(/alert\(document.domain/))
alert('127.0.0.1');
else if (location.href.match(/alert\(document.cookie/))
location.href = 'http://allrecipes.com/Recipe/Beths-Spicy-Oatmeal-Raisin-Cookies/Detail.aspx';
Want more Google Easter-eggs ? check out this wiki list
0 comments:
Post a Comment