Hi Francisco,

Unfortunately your disclosure is factually wrong. Please note that even the packet you are citing says "Host: translate.googleusercontent.com" - this is not the same domain as translate.google.es (or translate.google.com), therefore, due to the JavaScript same-origin policy (http://ift.tt/1k9Orkx) it's a different origin. Which means that scripts executed from translate.googleusercontent.com do not have access to cookies/DOM/etc of Google Translate main domains (translate.google.es, etc). And there are no interesting cookies / things to do on translate.googleusercontent.com.

Given the above, as Google surely told you, you didn't find an XSS in Google Translate, you found an XSS in a sandbox domain, which was designed to allow execution of potentially hostile JavaScript code. Hey, you can even find the *.googleusercontent.com domain in Google's sandboxed domain listing: http://ift.tt/1IfJnK3

Keep in mind that when doing XSS-related security research a popping out alert box tells you that you can execute code, but not if it's a vulnerability - for that you need to verify the domain (and maybe schema/port as well, depending on your case), e.g. by doing alert(document.domain) instead of alert('XSS en Google AUDIT') ;)

Cheers,
Gynvael

On Fri, Nov 27, 2015 at 10:28 AM Francisco Javier Santiago Vázquez <franciscojaviersantiagovazquez@gmail.com> wrote:
> I. VULNERABILITY
>
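The origin check Gynvael describes, worked through as an added example (this is not code from the email or from Google): an origin is scheme + host + port, so a script running on translate.googleusercontent.com is compared against translate.google.es by origin, not by "does an alert pop". The sandbox suffix list below is a constructed stand-in for the real listing linked in the email; `assessScriptExecution` is a hypothetical helper name.

```javascript
// Added example, not from the original message. Uses the WHATWG URL class
// available in Node.js and browsers; no other dependencies.

// Origin per the same-origin policy: scheme + host + port. URL.origin drops
// default ports, so https://a.example:443 and https://a.example compare equal.
function originOf(urlString) {
  return new URL(urlString).origin;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Constructed list for this example. The real list is the sandboxed-domain
// listing Gynvael links; this stand-in only holds the suffix named in the email.
const SANDBOX_SUFFIXES = ['.googleusercontent.com'];

function isSandboxHost(urlString) {
  const host = new URL(urlString).hostname;
  return SANDBOX_SUFFIXES.some((suffix) => host.endsWith(suffix));
}

// Hypothetical helper: given the URL the script actually executed on (what
// alert(document.domain) or location.origin would reveal) and the URL of the
// application under test, classify what the execution context can reach.
function assessScriptExecution(executionUrl, targetUrl) {
  const shared = sameOrigin(executionUrl, targetUrl);
  const sandbox = isSandboxHost(executionUrl);
  let verdict;
  if (shared) {
    verdict = 'same-origin';   // script reaches the target's cookies and DOM
  } else if (sandbox) {
    verdict = 'sandbox';       // isolated origin built to run hostile scripts
  } else {
    verdict = 'other-origin';  // isolated from target; assess that origin itself
  }
  return { executionOrigin: originOf(executionUrl),
           targetOrigin: originOf(targetUrl), sameOrigin: shared, sandbox, verdict };
}

// Stand-alone run: the case from the email.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(assessScriptExecution(
    'https://translate.googleusercontent.com/translate_c?u=example',
    'https://translate.google.es/'));
}
```

Run it with `node` to see the verdict for the email's case; the same function also separates http:// from https:// and a non-default port from the default one, which is the "schema/port" caveat in the message.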
Source: Gmail -> IFTTT-> Blogger