Google Feature or Bug ?

Nobody's perfect, not even Google! Thanks to REz (a member of the CeSeNA group), I found out about this interesting feature (or bug?).

Try it yourself; this is the vulnerable link:

The cof variable does not seem to be filtered. Even the best company on the web can fall to common vulnerabilities.

Here is the TheHackerNews report.

If you think like Anonymous:

"There's nothing weird about the "col" argument. It's there to let users add a logo to the search page, when they embed a site search on their own page. It's restricted to a specific Google domain, and there's no way to break out of the src attribute."

Please try it yourself before writing insulting comments.

Here is the link:

As you can see: is outside specific google domain.

Again, I have not changed (or personalized) the Google logo. It's still there. BTW, I am not saying that this is a huge Google bug or that you can exploit it or whatever... I am just saying that you can insert something weird through "cof" and "L", at least to me... Is this a feature? Well, cool, I'm fine. Please stop being offensive while hiding behind anonymity.
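For comparison, here is what a server-side check enforcing the domain restriction on the logo URL could look like. This is an added example, not code from this post or from Google. It assumes cof is a semicolon-separated list of KEY:value pairs with L holding the logo URL; the allowlisted host and the function names are hypothetical.

```javascript
// Hypothetical allowlist of hosts that may serve the embedded logo.
const ALLOWED_LOGO_HOSTS = new Set(["logos.example.com"]);

// Split a cof-style string ("L:https://...;LH:50;LW:100") into key -> [values].
// Only the first ':' separates key from value, so URLs keep their own colons.
function parseCof(cof) {
  const fields = new Map();
  for (const part of String(cof).split(";")) {
    const idx = part.indexOf(":");
    if (idx <= 0) continue; // no key present, ignore the fragment
    const key = part.slice(0, idx).trim().toUpperCase();
    const value = part.slice(idx + 1).trim();
    if (!fields.has(key)) fields.set(key, []);
    fields.get(key).push(value);
  }
  return fields;
}

// Return a normalized logo URL, or null if the L field must not be rendered.
function safeLogoUrl(cof) {
  const values = parseCof(cof).get("L") || [];
  if (values.length !== 1) return null; // missing or ambiguous (duplicated) L
  let url;
  try {
    url = new URL(values[0]); // absolute URLs only; relative ones throw
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;          // no http:, data:, etc.
  if (url.username || url.password) return null;       // blocks allowed-host@other-host
  if (url.port !== "") return null;                    // default port only
  // Exact match on the parsed hostname: substring or prefix tests would accept
  // "logos.example.com.other.test".
  if (!ALLOWED_LOGO_HOSTS.has(url.hostname)) return null;
  // The caller must still HTML-escape this value when writing it into src="...".
  return url.href;
}

// Constructed sample inputs.
console.log(safeLogoUrl("L:https://logos.example.com/a.png;LH:50;LW:100"));
console.log(safeLogoUrl("L:https://other.test/a.png;LH:50"));
```

Validating the parsed hostname rather than the raw string is what makes the restriction hold for the look-alike forms listed in the comments.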

Many emails from forced me to change the title from Google XSS to Google Feature or Bug ?