A hacker called Vansh Sharma claims he found a cross-site scripting (XSS) vulnerability in Google Code’s Code Playground, the section of Google Code where users can test their programming skills.
The Hacker News published a proof of concept that can be tried out by anyone. Just go to http://code.google.com/apis/ajax/playground/ and replace one of the existing code samples with <img src="<img src=search"/onerror=alert("XSS")//">. In order to edit the code, you first need to press the Edit HTML button.
Once the code is inserted, click on Debug Code. You will be presented with an error message alerting you that the “Sample must have <head> element”. Press the OK button and wait for a popup which says “XSS”.
If at first it doesn’t work, you can try again, but instead of pressing Debug Code, click on Run Code.