Spamming Google My Search History

Philipp Lenssen has an interesting post over at Google Blogoscoped pointing out how easy it is to plant a My Search History entry.

By placing a google search query string into an iframe, you can easily add an entry to any of your visitor’s My Search History.

Philipp’s tricky code:

<iframe src="http://www.google.com/search?q=Google+Blogoscoped+sneaked+in+through+the+backdoor" style="width:0; height: 0; border: 0; overflow: hidden” border="0></iframe>

Update: Realized my initial post didn’t explain the code fully. So here’s a breakdown of what is happening.

  1. The <iframe> tag loads up google in a hidden frame. This way normal visitors cannot detect it unless they view the webpage source.
  2. The google page is loaded with a query string. Inside the src attribute you can see the entire query. By changing the query, you can insert any search term into Google’s My Search History.
  3. Example: http://www.google.com/search?q=Insert+Search+Query+Here

One thought on “Spamming Google My Search History

  1. Pingback: Search Engine Roundtable

Comments are closed.