CVE-2007-1085
Google Desktop - Cross-Site Scripting via Advanced Search 'under' Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-1085. PoCs published by Yair Amit.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Google Desktop by injecting a script tag into the search query parameter. The vulnerability allows arbitrary script execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Google Desktop by injecting a script tag into the search query parameter. The vulnerability allows arbitrary script execution in the context of the affected site.