SecuriTeam™ - Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities
Google Docs reportedly has a cross-site scripting vulnerability.
Reportedly, the anti-XSS filter can be bypassed.
Google Docs makes it possible to create a new document. When a user creates a new document, he has the possibility to change its HTML code through the Edit Html option. An attacker can make a malformed document using decimal HTML entities (without semicolons) and hexadecimal entities (with semicolons) to bypass anti-XSS filters.
Apparently all it takes is putting JavaScript in the img src.
Example:
<IMG SRC="javascript :alert('test');"> (decimal HTML entity)
<IMG SRC="javascript :alert('test');"> (hexadecimal HTML entity)
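The following is an added example, not code from the advisory or from Google: it shows why a filter has to decode character references before checking the URL scheme of an `IMG SRC` value. The function names, the http/https allow-list and the sample inputs are assumptions constructed for the illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy for image sources
SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")


def encode_decimal_no_semicolon(text):
    """Decimal character references without the trailing semicolon."""
    return "".join(f"&#{ord(c)}" for c in text)


def encode_hex_with_semicolon(text):
    """Hexadecimal character references with the trailing semicolon."""
    return "".join(f"&#x{ord(c):X};" for c in text)


# Constructed test inputs in the two encodings the advisory names.
DEC_SAMPLE = encode_decimal_no_semicolon("javascript:") + "alert('test');"
HEX_SAMPLE = encode_hex_with_semicolon("javascript:") + "alert('test');"


def naive_is_safe(src):
    """Weak check: looks for the literal scheme in the raw attribute text."""
    return "javascript:" not in src.lower()


def canonicalize(src):
    """Reduce an attribute value to the URL the browser will resolve."""
    # html.unescape follows the HTML5 rules, so numeric references are
    # decoded whether or not they end in a semicolon.
    decoded = html.unescape(src)
    # URL parsers drop tab/CR/LF and surrounding control characters/spaces.
    decoded = re.sub(r"[\t\r\n]", "", decoded)
    return decoded.strip("".join(map(chr, range(0x21))))


def is_safe_src(src):
    """Allow-list check on the scheme of the canonical URL."""
    url = canonicalize(src)
    match = SCHEME_RE.match(url)
    if match is None:
        return True  # no scheme: relative URL
    return match.group(1).lower() in ALLOWED_SCHEMES
```

The naive check accepts both constructed samples because it inspects the text before decoding; the allow-list check rejects them because it validates the same string the HTML parser hands to the URL loader.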