Archive for ‘Google’

Google AdWords XSS’es

I don’t normally disclose vulnerabilities for web applications – but it’s Google. I’ve been mailing them – and they told me I didn’t find anything of relevance. So they decided not to patch the vulnerabilities. …and if there isn’t any vulnerabilites, I must be able to write about them right?

More+

Googleapis XSS

Yesterday I found a XSS vulnerability in googleapis.com – here is the email I sent google: http://fonts.googleapis.com/css responds to the parameter “family”, when this parameter is not editted and a normal api call would go to this script…

More+