Wednesday, November 13, 2013

XSS in Google Local

Hi,

Quite lazy, but I still want to share it with you guys. No use keeping it to myself.

URL : http://www.google.com/local/add
Bug : XSS, probably Stored XSS

The vulnerability exists in the Video attachment. If you use double quotes (") in this form, it won't work: double quotes are already filtered.

However, the YouTube link's href is built with single quotes, and this character is not filtered.
Moreover, this YouTube link is placed in a few useful tags such as <a href=> and <video src=>, among others.

Payload used: youtube.com/watch?v=blalala');alert(1);('a
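As an added illustration that is not part of the original post, the snippet below shows why removing only double quotes does not protect a value that later lands inside a single-quoted JavaScript string, beside the two fixes a defender would apply: an allow-list on the video id and context-aware escaping. The functions and the 11-character id format are my assumptions, not Google's or YouTube's code.

```javascript
// Added example (not from the original post): a naive filter that mirrors the
// behaviour described above, beside the two mitigations a defender would use.

// Payload quoted in the post, reused here as the constructed test input.
const PAYLOAD = "youtube.com/watch?v=blalala');alert(1);('a";

// Mirrors the post: only double quotes are removed, single quotes survive.
function naiveFilter(input) {
  return input.replace(/"/g, "");
}

// Mitigation 1: allow-list. Accept only a watch URL whose video id is made of
// letters, digits, '-' and '_' (assumed 11 characters); anything else is
// rejected, so a quote never reaches the page in the first place.
function extractVideoId(input) {
  const m = /^(?:https?:\/\/)?(?:www\.)?youtube\.com\/watch\?v=([A-Za-z0-9_-]{11})$/.exec(input);
  return m ? m[1] : null;
}

// Mitigation 2: escaping for a value embedded in a single-quoted JavaScript
// string literal: backslash, both quote kinds and line terminators. This
// complements the allow-list; it does not replace it.
function escapeForJsString(s) {
  const map = {
    "\\": "\\\\", "'": "\\'", '"': '\\"',
    "\n": "\\n", "\r": "\\r", "\u2028": "\\u2028", "\u2029": "\\u2029",
  };
  return s.replace(/[\\'"\n\r\u2028\u2029]/g, ch => map[ch]);
}

// Builds the href the way a safe template would: only from a validated id.
function buildWatchUrl(input) {
  const id = extractVideoId(input);
  return id ? `https://www.youtube.com/watch?v=${id}` : null;
}

// Quick demonstration when run directly.
console.log("naive filter keeps the single quote:", naiveFilter(PAYLOAD).includes("'"));
console.log("allow-list rejects the payload:", buildWatchUrl(PAYLOAD) === null);
console.log("escaped for a JS string:", escapeForJsString(PAYLOAD));
```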

thanks,
@yappare