Search This Blog

Code Execution vulnerability in Google Earth found by longrifle0x


A code Execution vulnerability in Google Earth application was identified by Security Researcher Ucha Gobejishvili (also known as longrifle0x). The researcher demonstrated the attack in his own blog.

The PlaceMark field in the app is found to be vulnerable and allows an attacker to run javascript code. Hacker demonstrated the attack by inserting the following code:
<A HREF="javascript:document.location='http://www.secday.blogspot.com/'">XSS</A><marquee>Georgia</marquee>
The above tag will execute the script and load the secday.blogspot.com.

Share it:

Application Vulnerability

Vulnerability