Menu
A Clickjacking vulnerability existed on Google Website Translator that allowed an attacker to add a translate editor by redressing the editor management page.
Details
Google Website Translator pages (a total of 5 pages) were lacking X-FRAME-OPTIONS HTTP headerfield or frame-busting measures to prevent framing of the pages. So the editor management page could be redressed to 'click-jack' Google users.
Code:
Vulnerable Editor Management Page : http://translate.google.com/manager/editors
Proof of Concept
The redressed editor page with frame opacity set to 0 so it is invisible to the user. As soon as the user drags the matchstick into the cigarette and hits the result button, a new editor will be added to users' Website Translator.
With frame opacity set to 0.5 you can clearly see the redressed page and all the background stuffs. The matchstick is actually a text area that contains attacker's email address which is selected by default (JavaScript stuff),once the user drags the matchstick he will actually drag the email address into the invite email address area and when he will click the result, he will actually click the redressed invite button.
Google addressed the vulnerability by adding X-FRAME-OPTIONS header field which is set to DENY on all pages
Special Thanks to AMol NAik and Aditya Gupta
G4H Facebook