Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) – Full Disclosure

by Joe-W · February 2, 2025

Posted by David Fifield on Feb 01

I tested a few more times, and it appears the text injection has
disappeared.

These are timestamps when I tested, with offsets relative to the initial
discovery.

+0h 2025-01-28 03:00 initial discovery
+5h 2025-01-28 08:19 ?q=EgtoZWxsbyB3b3JsZA works
(https://archive.is/DD9xB)
+14h 2025-01-28 17:31 ?q=EgtoZWxsbyB3b3JsZA works
(no archive)
+45h…
– Read More – Full Disclosure

Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) – Full Disclosure

Leave a Reply Cancel reply

Recent Posts