Re: XSS?

I really dont see a problem here? 

Vulnerability? What are you on about? Simple, expected redirect (key
word: expected). 

Here is a more in context example.

Lets say you have some sort of managment system (lets say a CRM of some
sort) and you search for user with name 'A'. Returned result set
contains 20 matches. You are presented with a list and you choose which
one you want to look at in details. However if result set returned is a
single, exact match then there is absolutely no point showing a list of
matches since we already know that there is only a single match. Hence,
go directly to data, saving time and effort.

   Serg

On Tue, 2005-11-15 at 13:51 +0000, Aman Raheja wrote:
> This is not XSS but indeed a vulnerability since they are not validating 
> the URL and it's irresponsible of google not to take care of this kind of 
> vulnerability which would aid phishing.
>
> Aman Raheja
> http://www.techquotes.com
>
> On Tue, 15 Nov 2005 11:52:19 +0800, Andrew Chan <quickt@gmail.com> wrote :
>
> > I tried http://www.google.com/url?q=http://www.microsoft.com and it got
> > directed. it seems that I received one such phishing email that makes
> > use of this to obfuscate the actual URL lately.