Spamming Google My Search History
Philipp Lenssen has an interesting post over at Google Blogoscoped pointing out how easy it is to plant a My Search History entry.
By placing a google search query string into an iframe, you can easily add an entry to any of your visitor’s My Search History.
Philipp’s tricky code:
<iframe src="http://www.google.com/search?q=Google+Blogoscoped+sneaked+in+through+the+backdoor" style="width:0; height: 0; border: 0; overflow: hidden” border="0></iframe>
Update: Realized my initial post didn’t explain the code fully. So here’s a breakdown of what is happening.
- The <iframe> tag loads up google in a hidden frame. This way normal visitors cannot detect it unless they view the webpage source.
- The google page is loaded with a query string. Inside the src attribute you can see the entire query. By changing the query, you can insert any search term into Google’s My Search History.
- Example: http://www.google.com/search?q=Insert+Search+Query+Here