November 29, 2012

XSS vulnerability in Google Translate

XSS vulnerability in Google Translate

After disclosing vulnerability in TCS website, A security researcher from India who goes by the Name "Christy Philip Mathew", has submitted a critical XSS vulnerability affecting a sub domain of Google i.e translate.google.com.

According to Researchers report this bug can be exploited by malicious users to conduct phishing attacks , session Hijacking against Google users and also to infect them with malware, adware and spyware by just uploading scripted TXT file on Internet.

Proof of Concept

Steps to Reproduce:

Proof of Concept 1:

XSS URL: http://translate.google.co.in/translate?hl=en&sl=sq&tl=en&u=http%3A%2F%2Fdemo.offcon.org%2Ftest.html

Proof of Concept 2:

When a user upload a xss script in a text file on Google Translate the XSS Script gets executed on translating.