Posts Tagged With 'xss'

Google Analytics XSS Vulnerability

Written by admin in Google, Vulnerabilities on Thu 03 February 2011. Tags: google analytics, google reward program, vulnerability, xss,

This post documents an XSS vulnerability I discovered in the event tracking functionality provided by Google Analytics. Given a website's Google account number (which can be found in the site source), one could spoof specially crafted events that, when clicked in the administrative interface, would run arbitrary Javascript in ...

Continue reading »



Shibboleth Example Login Page: POST Location Hijacking Vulnerability

Written by admin in Code, Vulnerabilities on Thu 09 December 2010. Tags: implementation fail, phishing, post hijacking, shibboleth, xss,

EDIT: This flaw, according to the lead Shibboleth developer, was discovered and patched in late 2008. It seems that a number of universities are still running outdated copies of the software, which is what I found in my research. If you are running the latest version of Shibboleth (2.2 ...

Continue reading »



Copyright Ben Schmidt 2015