XSS vulnerability in Google Translate - Hack Reports

Breaking

Thursday, November 29, 2012

XSS vulnerability in Google Translate

XSS vulnerability in Google Translate

After disclosing vulnerability in TCS website, A security researcher from India who goes by the Name "Christy Philip Mathew", has submitted a critical XSS vulnerability affecting a sub domain of Google i.e translate.google.com.

According to Researchers report this bug can be exploited by malicious users to conduct phishing attacks , session Hijacking against Google users and also to infect them with malware, adware and spyware by just uploading scripted TXT file on Internet.



Proof of Concept

Steps to Reproduce:





Proof of Concept 1:


XSS URL: http://translate.google.co.in/translate?hl=en&sl=sq&tl=en&u=http%3A%2F%2Fdemo.offcon.org%2Ftest.html


Proof of Concept 2:


When a user upload a xss script in a text file on Google Translate t
he XSS Script gets executed on translating.

No comments:

Post a Comment