Hi everyone. Today I came up with a XSS vulnerability in translate.googleusercontent.com. But as in Program Rules - Application Security - Google bugs like XSS in sanbox domains do not qualify for a bounty and are not considered as bugs.
To reproduce this XSS you have to go to translate a document page in Google Translate. Then you just need to create a .txt document by writing these lines to translate.
Script to write in the .txt file:
<script>alert("hacked")</script>
After you have created your .txt file upload it to the page and hit translate. But make sure you are translating it to a language other than English, or else it will not work. And you got XSS in translate.googleusercontent.com.
No comments:
Post a Comment