XSS Vulnerability Found in Google Translator

An IT security expert from India who goes by the name of Christy Philip Mathew has found a critical XSS vulnerability in sub-domain of Google translator [www.translate.google.co.in].

The expert reported that this vulnerability can an be later exploited by the hackers to attack the users via session Hijacking, phishing attacks or if exploited to git, it can also infect the users with dangerous spywares, adwares and malware by uploading a simple scripted TXT file on the Internet.

The vulnerable link is mentioned below:

XSS URL: http://translate.google.co.in/translate?hl=en&sl=sq&tl=en&u=http%3A%2F%2Fdemo.offcon.org%2Ftest.html

The script will be uploaded in a txt file and can be executed while the user clicks translation tab on the website.


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.