0x1 Affected Script: Google+ Help Support & Google+ Help Support & Google Translator Help Support
0x2 Script Link: http://translate.google.com/& http://plus.google.com/
0x4 Author: Sandeep kamble
0x5 Reported : June 30 2011
0x6 Public Release July 21 2011
Affected Script Overview : Google+ Help Center where you can find tips and tutorials on using Google+ and other answers to frequently asked questions and Google Translate Help Center where you can find tips and tutorials on using Google Translate and other answers to frequently asked questions.
Affected script :
2) support/bin/search.py?query= (Subdomain Translator)
Google + affected script having stored Xss attack which can used for the grabbing the cookies .
Google Translator Non-persistent XSS attack which can be used to execute only the JS Script
1) Google +
Don’t shock , you might be thinking the payload “alert(‘ss’)” and give output as “XSS” in message . This is happen due to spelling (Google function did u meant ) ..
Try to search this keyword “<script>alert(‘ss’)</script>” you will get the answer why it was coming.
2) Translator Google
I don’t have screen shot of Google translator XSS attack.
1) Determine whether HTML output includes input parameters
2) In short perform input sanitization
Thank you to Google
If you want to test your application. Vulnerability Research and Penetration testing service. Follow me on Twitter @sandeepL337