Text2SQLChar Converts an string into a CHAR() mysql, usefull when magic_quotes is on.
SQLIncrement Increments automatically the number of columns of the injected select query.
SQLDecrement Decrements automatically the number of columns of the injected select query.
Increment Allows you to navigate up html files or images that have a number in them.
Decrement Allows you to navigate down html files or images that have a number in them.
base64 Firefox only, base64 with no padding

I wrote the first 3 of them, I’m not javascript god, so they need to get improved, I’ll try to make them shorter, and follow a couple of suggestion from bookmarklets.com. The two others come from RSnake’ bookmarklet collection, where I fixed a detail, it was not decoding the URL before using it, so if the url contained an escaped value at the end of the url like %20, it would modify it and change it to %21. I’ll keep this post updated whenever I find or write a new security-related bookmarklet. As another issue, I noticed that the site looks ugly on low resolution systems, so I’ll try to get a new theme to fix that on a couple of days and update the wordpress version.

www.google.com/ig/adde?moduleurl=http://beford.org/stuff/ig.xml

I’ve just notified Google about this, to avoid been a target of this flaw you can switch to Mozilla Firefox (+Noscript), or upgrade to IE7, which is not an option for Windows 2000 users.

Update: According to a friend, Rafael, Opera users are vulnerable aswell, he sent me an screenshot which you can see here: Opera Google XSS.

Update 2: Google fixed this on 27 November.