Dwayne C. Litzenberger exposes a Cross-site Request Forgery (XSRF) vulnerability in Google that allows other sites to change your Google language preferences. He explains that this kind of vulnerability occurs “when a website is able to fool a user into doing things on another website that the user wouldn’t actually want to do.” Dwayne offers a sample link which, when clicked, changes the language of your Google homepage to Irish.
With Firefox, I could even reproduce this using a hidden Iframe on a page... this one will make your visitor’s Google homepage speak Elmer Fudd (remove breaks):
<iframe style="display: none" src="http://www.google.com/setprefs?hl= xx-elmer&submit2=Save%20Preferences%20&prev= http://www.google.com/&q=&submit= Save%20Preferences%20"></iframe>
[Thanks Roger Browne and Ionut Alex. Chitu in the forum!]
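The server-side difference, as an added example that is not Google's code or part of the original post: one handler changes the preference on any request that arrives with the user's session, the other only accepts a POST carrying a token bound to that session, which a third-party page cannot read. The handler names, the `token` field, the key and the session ids are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this demo)


def csrf_token(session_id: str) -> str:
    """Token tied to one session; the site's own preferences form embeds it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def set_prefs_vulnerable(method: str, params: str, session_id: str, prefs: dict) -> int:
    """Changes state on any request, including a GET fired by a hidden iframe."""
    form = parse_qs(params)
    if "hl" not in form:
        return 400
    prefs[session_id] = form["hl"][0]
    return 200


def set_prefs_hardened(method: str, params: str, session_id: str, prefs: dict) -> int:
    """Changes state only for a POST whose token matches the caller's session."""
    if method != "POST":
        return 405  # GET must never modify preferences
    form = parse_qs(params)
    sent = form.get("token", [""])[0]  # "token" is a hypothetical field name
    if not hmac.compare_digest(sent.encode(), csrf_token(session_id).encode()):
        return 403  # missing, guessed, or another session's token
    if "hl" not in form:
        return 400
    prefs[session_id] = form["hl"][0]
    return 200


def demo():
    sid = "session-A"  # constructed session id
    forged = "hl=xx-elmer&submit2=Save%20Preferences%20"  # query from the iframe above
    prefs = {sid: "en"}
    r_vuln = set_prefs_vulnerable("GET", forged, sid, prefs)
    lang_after_vuln = prefs[sid]
    prefs = {sid: "en"}
    r_get = set_prefs_hardened("GET", forged, sid, prefs)
    r_no_token = set_prefs_hardened("POST", "hl=xx-elmer", sid, prefs)
    r_own_form = set_prefs_hardened("POST", f"hl=ga&token={csrf_token(sid)}", sid, prefs)
    return r_vuln, lang_after_vuln, r_get, r_no_token, r_own_form, prefs[sid]


if __name__ == "__main__":
    print(demo())
```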