[thelist] [OT] Breaking Google...

Rodrigo Fonseca lists at vega.eti.br
Thu Oct 23 18:05:57 CDT 2003


Roger Ly wrote:
> Offending onclick function is this:
> 
> return
> b('http://groups.google.com/groups?q=roger's&hl=en&lr=&ie=UTF-8&oe=UTF-8
> &sa=G','wg',event);
> 
> Which has its first parameter prematurely terminated by the single
> quote.

Yes, you're right. I've just tested and it fired an error.
Strange that Google does not filter single quotes...
Haven't they heard about SQL injection yet?

[]'s

	Rodrigo Fonseca.
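
The handler quoted above breaks because the search term lands unescaped inside a JavaScript string literal that itself sits inside an HTML attribute. The following is an added example, not part of the original message and not Google's code, showing one encoder per context; `b`, `'wg'` and the URL shape are taken from the quoted handler, and all helper names are hypothetical.

```javascript
// Added example: context-aware encoding for a value that ends up inside a
// JS string literal inside an HTML onclick attribute. Helper names are
// hypothetical; the sample query "roger's" is the one from the thread.

// Naive build, as in the quoted handler: the query is pasted in unescaped.
function naiveHandler(query) {
  return "return b('http://groups.google.com/groups?q=" + query +
         "&hl=en','wg',event);";
}

// Layer 1: URL component. encodeURIComponent leaves ! ' ( ) * untouched,
// so percent-encode those as well.
function urlComponent(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Layer 2: JS string literal. JSON.stringify emits a quoted, escaped literal.
function jsString(s) {
  return JSON.stringify(s);
}

// Layer 3: HTML attribute value.
function htmlAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
          .replace(/'/g, '&#39;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Handler body with the URL encoded for the URL and JS-string contexts.
function safeHandler(query) {
  const url = 'http://groups.google.com/groups?q=' + urlComponent(query) + '&hl=en';
  return 'return b(' + jsString(url) + ",'wg',event);";
}

// Full attribute as it would be written into the page markup.
function safeOnclickAttr(query) {
  return 'onclick="' + htmlAttr(safeHandler(query)) + '"';
}

// True if the handler body parses as JavaScript, which is what the browser
// attempts after it has decoded the attribute value.
function parses(body) {
  try { new Function('event', 'b', body); return true; }
  catch (e) { return false; }
}
```

`encodeURIComponent` on its own returns `roger's` unchanged, which is why the URL layer adds the extra replacement.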


