XSS Vulnerability Found in Google Code

Proof of concept shows the Code Playground is vulnerable

Dec 8, 2011 07:40 GMT · By Eduard Kovacs

An XSS vulnerability was found in Google Code's Code Playground

14 DAY TRIAL // JUST $1.00 Play Starfield, Forza Motorsport, and hundreds of other PC games for one low monthly price.

A hacker called Vansh Sharma claims he found a cross-site scripting (XSS) vulnerability in Google Code’s Code Playground, the section of Google Code where users can test their programming skills.

The Hacker News published a proof of concept that can be tried out by anyone. Just go to Ajax Playground and replace one of the present codes with

code

In order to edit the code you need to first press the Edit HTML button.

Once the code is inserted, click on Debug Code. You will be presented with an error message alerting you that the “Sample must haveelement”. Press the OK button and wait for a popup which says “XSS”.

If at first it doesn’t work, you can try again, but instead of pressing Debug Code, click on Run Code.

#XSS#Google#code#vulnerability