Google Blogoscoped

Google SQL-Like Injection

Justin Pfister [PersonRank 10]

Friday, November 3, 2006
14 years ago | 2,694 views

I did a search and Google outputs HTML code on the result screen, almost like you'd see with a SQL-Injection. I've had all my friends in the US see this, but Philipp (Germany) didn't. Try a search for this '*. (google.com/search?hl=en&q= ...)
  
Here's a blog post of what I've seen:
blog.justinpfister.com/2006/11 ...

Screen shot might make it easier:


blog.justinpfister.com/uploade ...

Kirby Witmer [PersonRank 10]

14 years ago #

Did it for me and I'm in the US.

Justin Pfister [PersonRank 10]

14 years ago #

So you saw the HTML code which looks like this?: <a herf= froogle.google.com/froogle?q=' ... search results for '*

Niraj Sanghvi [PersonRank 10]

14 years ago #

Did *not* do it for me and I'm in the US. Strange.

Philipp Lenssen [PersonRank 10]

14 years ago #

[I fixed the first link in Justin's post, there was a bracket added...]

Tony Ruscoe [PersonRank 10]

14 years ago #

Looks like this bug might be fixed now as I just get a "Product search results for *" link.

Justin Pfister [PersonRank 10]

14 years ago #

The issue is definitely still there. I made this discovery at work and now that I'm home, I tried it again and it's still outputting HTML code.
  

Stephen Tordoff [PersonRank 10]

14 years ago #

Just tried it on .co.uk, and .com through a proxy server; both return correct output.
