Spare Clock Cycles

Posts Tagged With 'xss'

Google Analytics XSS Vulnerability

Written by admin in Google, Vulnerabilities on Thu 03 February 2011. Tags: google analytics, google reward program, vulnerability, xss,

This post documents an XSS vulnerability I discovered in the event tracking functionality provided by Google Analytics. Given a website's Google account number (which can be found in the site source), one could spoof specially crafted events that, when clicked in the administrative interface, would run arbitrary Javascript in ...

Gmail+Google Chrome XSS Vulnerability

Written by admin in Code, Google, Vulnerabilities on Tue 14 December 2010. Tags: chrome, gmail, google chrome, google reward program, vulnerability, xss,

The weekend before last, I found a flaw in Gmail that on the one hand was rather exciting for me (as I hadn't expected to find anything at all, and it was pretty clearly reward-worthy), but on the other was a little unnerving, given how quickly and easily I ...

Shibboleth Example Login Page: POST Location Hijacking Vulnerability

Written by admin in Code, Vulnerabilities on Thu 09 December 2010. Tags: implementation fail, phishing, post hijacking, shibboleth, xss,

EDIT: This flaw, according to the lead Shibboleth developer, was discovered and patched in late 2008. It seems that a number of universities are still running outdated copies of the software, which is what I found in my research. If you are running the latest version of Shibboleth (2.2 ...