Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: open
Type: this can't be true into G
Here's the code:
A simple apostrophe/js error? No way.. Have I got something hooking my google requests, or is this seriously a JS error from 1998?
Here's a clearer example:
Previous examples gave JS syntax errors; this example shows that you can play with the user's Google cookie.
This isn't the easiest bug to exploit. First, [google.com...] doesn't have logins, so you can't do things "as the user" other than change his preferences. Second, it requires the Google user to click one of the tabs at the top of the page after following your malicious link.
Btw, that URL works in both IE and Mozilla Firebird.