<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Hy,</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">there is a flaw in a google redirection url that can allow a redirection on any website from an url begining by <A href="http://www.google.com/"><FONT class="Apple-style-span" color="#001EE6">http://www.google.com</FONT></A>...</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Here is the link:</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="http://www.google.com/url?q=http://whmt.blogspot.com/&sa=D&sntz=1&usg=1'">http://www.google.com/url?q=http://whmt.blogspot.com/&sa=D&sntz=1&usg=1'</A></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">This link will redirect you on my blog(<A href="http://whmt.blogspot.com/"><FONT class="Apple-style-span" color="#001EE6">http://whmt.blogspot.com</FONT></A>/). (It's safe)</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">The flaw is in the variable usg that you can corrupt by writing usg=1'. It will allow any redirection.(And could be used for phishing)</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">See you soon.</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Clement.</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="http://whmt.blogspot.com/">-_WHMT_-</A></DIV></BODY></HTML>