November 29, 2012

XSS vulnerability in Google Translate

XSS vulnerability in Google Translate

After disclosing vulnerability in TCS website, A security researcher from India who goes by the Name "Christy Philip Mathew", has submitted a critical XSS vulnerability affecting a sub domain of Google i.e

According to Researchers report this bug can be exploited by malicious users to conduct phishing attacks , session Hijacking against Google users and also to infect them with malware, adware and spyware by just uploading scripted TXT file on Internet.

Proof of Concept

Steps to Reproduce:

Proof of Concept 1:


Proof of Concept 2:

When a user upload a xss script in a text file on Google Translate the XSS Script gets executed on translating.