It’s just been a week for Google issues, hasn’t it? Well today is no different, except instead of finding exploits in Google’s social networking product (Orkut) this one is in Google proper. I got an email from Hong, in China. He found a fairly obscure and difficult to exploit cross site scripting vulnerability in Google’s website. Here’s how it’s done.
Nice work, Hong! Btw, in case you weren’t following the boards, I’d highly encourage anyone interested in knowing more about Google’s ethics to visit this post by Jeremy Zawodny.