Posts Tagged ‘Search’
These ‘Snap’shots are presumably identical to the ones the search engine itself uses.
(It allows for previewing of search results for ease of use)
Now, this is all fairly harmless and seemingly pointless, except that it seems they not only use a Gecko-based browser,(probably Firefox) to spider(or at the least, take their snapshots) sites.
Take a look at this screenshot of a MySpace page with an older persistant XSS on it.
As you can see, there is an Alert() in the Snap Preview.
I knew Google indexes XSS, but actually running the JS seems like bad practice…