[thelist] [OT] Breaking Google...
Rodrigo Fonseca
lists at vega.eti.br
Thu Oct 23 18:05:57 CDT 2003
Roger Ly wrote:
> Offending onclick function is this:
>
> return
> b('http://groups.google.com/groups?q=roger's&hl=en&lr=&ie=UTF-8&oe=UTF-8
> &sa=G','wg',event);
>
> Which has its first parameter prematurely terminated by the single
> quote.
Yes, you're right. I've just tested and it fired an error.
Strange that Google does not filter single quotes...
Haven't they heard about SQL injection yet?
[]'s
Rodrigo Fonseca.
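
Added example, not part of the original message and not Google's code: the handler Roger quotes breaks because the search term is pasted into a single-quoted JavaScript string inside an HTML attribute, so the value needs encoding for each layer (URL, JS string literal, HTML attribute). The `b(...)` call and URL shape are taken from the quoted handler; all helper names are hypothetical.

```javascript
// Added example, not Google's code. b(), 'wg' and the URL shape come from
// the quoted handler; all helper names below are hypothetical.
const BASE = "http://groups.google.com/groups?q=";

// Naive: the search term is pasted into a single-quoted JS string as-is.
function naiveHandler(term) {
  return "return b('" + BASE + term + "&hl=en','wg',event);";
}

// Escape for a JS string literal: every character outside a small safe set
// becomes \xHH or \uHHHH, so quotes and backslashes cannot end the string.
function jsString(s) {
  return s.replace(/[^A-Za-z0-9 ,._-]/g, (c) => {
    const n = c.charCodeAt(0);
    return n < 256 ? "\\x" + n.toString(16).padStart(2, "0")
                   : "\\u" + n.toString(16).padStart(4, "0");
  });
}

// Layered encoding: URL component first, then JS string literal.
// encodeURIComponent leaves ' untouched, so it is not enough by itself.
function safeHandler(term) {
  const url = BASE + encodeURIComponent(term) + "&hl=en";
  return "return b('" + jsString(url) + "','wg',event);";
}

// Last layer: the handler body goes into an HTML attribute value.
function htmlAttr(s) {
  return s.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// The browser compiles an onclick value as a function body; do the same.
function parses(body) {
  try { new Function("event", body); return true; } catch (e) { return false; }
}

// Run the handler with a stub b() and return the URL argument it receives.
function urlPassed(body) {
  let seen = null;
  new Function("b", "event", body)((url) => { seen = url; return false; }, {});
  return seen;
}

console.log(parses(naiveHandler("roger's")), parses(safeHandler("roger's")));
console.log('<a onclick="' + htmlAttr(safeHandler("roger's")) + '">');
```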