An IT security expert from India who goes by the name of Christy Philip Mathew has found a critical XSS vulnerability in sub-domain of Google translator [www.translate.google.co.in].
The expert reported that this vulnerability can an be later exploited by the hackers to attack the users via session Hijacking, phishing attacks or if exploited to git, it can also infect the users with dangerous spywares, adwares and malware by uploading a simple scripted TXT file on the Internet.
The vulnerable link is mentioned below:
XSS URL: http://translate.google.co.in/translate?hl=en&sl=sq&tl=en&u=http%3A%2F%2Fdemo.offcon.org%2Ftest.html
The script will be uploaded in a txt file and can be executed while the user clicks translation tab on the website.
