XSS: Google Earth XSS vulnerability

I came across an interesting article that┬álongrifle0x┬áhas found a vulnerability for script execution within Google Earth. So I decided to test with metasploit, in an attempt to see if the payload can be sent to victim, but it was sandboxed, the popup warning was suppressed.  

Web Application Attack: Cross site scripting (aka XSS)

Reflected XSS Reflected XSS is a technique that uses the web server's domain and attached your own script onto the domain; the attacker then uses this link and sends to unsuspected user, once the user clicked on the link the script is executed by user's browser. Test for XSS Preparing a link that attaches attacker's … Continue reading Web Application Attack: Cross site scripting (aka XSS)