Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Google suffered from XSS

Google suffered from XSS

by Nikola Strahija on December 22nd, 2005 Cross site scripting vulnerabilities in Google web site allowed malicious attackers to sniff through user's data and steal account information. Google has patched the security holes, and claims none of the user information was compromised.


Watchfire security experts warned about the flaws in Google error pages (the 404 and the redirection page), which allowed the exploit of the 7-bit Unicode Transformation Format character-encoding mechanism. The company corrected the flaws by using character-encoding enforcement, according to Watchfire.

Google officials stated that they became aware of the security hazard some time ago and fixed the problem as soon as possible. No user data was compromised due to the flaws, according to the company.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »