Google search bug could be exploited by phishers


Google search bug could be exploited by phishers

Tash Shifrin

A bug in the Google Search Appliance used by many businesses to search their corporate information could be exploited in a phishing attack, security experts have warned.

The security news website warned that a Cross-Site Scripting (XSS) vulnerability in the widely used search appliance affects “a lot of large websites, many that are ripe for phishing exploits”.

The flaw was first reported on a hackers’ website and relates to the use of UTF-7 character encoding to bypass special character input handling. Examples have “demonstrated vulnerabilities at some major websites, including large government sites, major universities, etc”, said.

The security website has reported the issue to the US Computer Emergency Readiness Team (US-CERT) and to one of the affected government bodies.

But it warned, “With so many financial institutions and government agencies using this appliance it is only a matter of time before this vulnerability is exploited in a large scale phishing attack.”

Comment on this article:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy