Hey Holla Forums, I think I've just discovered a potential security hole in Googles services;

>upload it to; translate.google.com/?tr=f&hl=en

So who's ready to fuck Googles shit up?

...

Holla Forums is dead, try another board if you want anything other than ponies and gay porn

what happens

The script gets executed, this isn't supposed to happen, Google Translate normally blocks uploading files with a JavaScript MIME type and will usually detect if a file contains JS code, but due to an oversight it runs scripts just fine with a .tpl extension

Someone could upload a malicious script to Google's servers basically

Why haven't you done anything OP?

I don't know how to javascript, I just discovered a bug and wanted to share it to get something going

It doesn't do anything, it just comes up as an error saying the file is already in English, I honestly do know what you think it would do

rename some variables to Chinese letters m8

OP here
Sorry, I forgot the .tpl has to contain some other language somewhere like Chinese

Add a code comment and some foreign symbols

yeah, was just about to say it doesn't work

doesn't work

If it's commented out on the file you upload, then why would you think it would not be commented when they run it?

OP here
Just take a look at the content of a test template file I have from some webpage
setTimeout(function(){window.location="{{HOMEPAGE}}";}, 2000);{{CONTENT}}, 2s后返回主页. setTimeout(function(){window.location="{{HOMEPAGE}}";}, 2000); 成功发表新串, 2s后返回主页. setTimeout(function(){window.location="/thread/{{THREAD_NO}}";}, 2000); 回复成功, 2s后返回No.{{THREAD_NO}}. setTimeout(function(){window.location="/admin";}, 2000);登录成功 ({{COOKIE}}), 2s后返回控制面板.已上传图像:

Save this as a .tpl and it should work

This one worked for me, not sure how it's any different than other shit but it worked

Yeah, every time I try to do some random Javascript it blocks me

This one does indeed work for me though, so it must have something to do with the formatting for Google not to detect code and block it

Does Google do exploit bounties?

I meant add a comment at the bottom of the file dipshit

All they have is a bug report form, they don't give you shit but some recognition I believe

Holy shit user you broke Google

google.com/about/appsecurity/reward-program/
they do

Hope you niggers are behind 7 proxies

but its not really qualified

If it has you executing code on their servers, they will want it

This is why we don't raid anymore whiteknight faggots

hang yourself.

So does this mean the script is executed on Googles servers and not locally?

holy shit this is huge, how the fuck did they miss this?

Who here knows how to get SQL database info from JS?

>>>Holla Forums

so your browser executes a script not the server…? server is just serving back what you served, not executing, that is done by your own computer right?

Wrong, see;

Google is executing the script and serving output from translate.googleusercontent.com

The script is definitely being run on Google's end as it's run through the translator

Google typically blocks all JavaScript uploads, the formatting of the template file seems to bypass it somehow, I think it just has more to do with the formatting, you basically create a .tpl file with inline JavaScript and Google will run it on their servers
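The posts above describe a filter that trusts the upload's MIME type and extension and is bypassed by a .tpl file carrying inline JavaScript. The block below is an added example, not code from the thread and not Google's implementation: a hypothetical upload filter written two ways, one that gates only on the declared MIME type and extension, and a hardened one that also sniffs the file content for script-like constructs. The sample input is constructed and modelled on the template posted in the thread; the pattern list is an illustrative heuristic, not an exhaustive JavaScript detector.

```javascript
// Added example (not from the thread, not Google's code): two upload filters,
// one that trusts the client-supplied label and one that inspects the content.

// Assumed deny-lists; a real service would maintain its own.
const BLOCKED_MIME = new Set([
  "application/javascript",
  "text/javascript",
  "application/x-javascript",
]);
const BLOCKED_EXT = new Set([".js", ".mjs", ".html", ".htm"]);

function extensionOf(filename) {
  const dot = filename.lastIndexOf(".");
  return dot === -1 ? "" : filename.slice(dot).toLowerCase();
}

// Weak filter: decides purely from the declared MIME type and the extension.
// Both are attacker-controlled, so a .tpl labelled text/plain sails through.
function weakFilterAllows(filename, mimeType) {
  return !BLOCKED_MIME.has(mimeType.toLowerCase()) &&
         !BLOCKED_EXT.has(extensionOf(filename));
}

// Illustrative script-detection heuristics applied to the content itself.
const SCRIPT_PATTERNS = [
  /<script\b/i,                 // script tags
  /\bsetTimeout\s*\(/,          // timer-based redirects, as in the posted .tpl
  /\bwindow\.location\b/,       // navigation / redirect primitives
  /\bdocument\.cookie\b/,       // cookie access
  /\bfunction\s*\(/,            // anonymous function expressions
  /\bon\w+\s*=\s*["']/i,        // inline event handlers such as onload="..."
];

function contentLooksLikeScript(text) {
  return SCRIPT_PATTERNS.some((re) => re.test(text));
}

// Hardened filter: label checks first, then content sniffing regardless of
// extension. Non-Latin text (the Chinese in the sample) does not affect it.
function hardenedFilterAllows(filename, mimeType, text) {
  return weakFilterAllows(filename, mimeType) && !contentLooksLikeScript(text);
}

// Constructed sample, modelled on the .tpl fragment posted in the thread.
const SAMPLE_TPL =
  'setTimeout(function(){window.location="{{HOMEPAGE}}";}, 2000); ' +
  "成功发表新串, 2s后返回主页.";

// Constructed benign sample: foreign text with no script constructs.
const SAMPLE_PLAIN = "这是一个普通的文本文件。 Nothing to execute here.";

function demo() {
  return {
    weakAllowsTpl: weakFilterAllows("test.tpl", "text/plain"),
    hardenedAllowsTpl: hardenedFilterAllows("test.tpl", "text/plain", SAMPLE_TPL),
    hardenedAllowsPlain: hardenedFilterAllows("notes.tpl", "text/plain", SAMPLE_PLAIN),
  };
}

console.log(demo());
```

The weak filter accepts the .tpl because neither its extension nor its declared type is on the deny-list, while the hardened filter rejects it on content alone. Content sniffing of this kind is still a heuristic; a service that re-renders user content in a browser should also rely on output encoding and on serving that content from an isolated origin, which is the sandbox-domain arrangement quoted later in the thread.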

Now we just need to write an SQL injection script

>>>Holla Forums

Holla Forums is a bunch of squares, they'll never help us…

don't know till you try

They don't seem to be too helpful tbh
>>>Holla Forums592322

welp rip
dubs checked

So who's the faggot who is going to claim credit for this and submit a bug bounty to Google for money?

You people are all wasted opportunities

Oh never mind this doesn't qualify if it's executed on translate.googleusercontent.com

"Cross-site scripting vulnerabilities in "sandbox" domains: We maintain a number of domains that leverage the same origin policy to safely isolate certain types of untrusted content; the most prominent example of this is *.googleusercontent.com. Unless an impact on sensitive user data can be demonstrated, we do not consider the ability to execute JavaScript in that domain to be a bug."

Whoever tries has another thing coming because I archived this thread faggots
archive.is/QolA7

Source?

Whoever tries is a faggot for another reason:

Copied that text from this link.

Damn Google really has thought of everything
Why do they normally block JavaScript files though if that's the case?

Probably because it's more secure anyway.

The fun thing about bug bounties when they say shit like that is if you report it they'll fix it and you won't get anything for it.

If you found another bug that you could use this bug to exploit, and you told them how to do it, you could get something for it, but only if they deem it 'dangerous'.

At least Google doesn't sue you for pen-testing, like some other companies.

...

I'm satisfied.

Yeah OP-kun, you'd think that Google would get their shit together being the most famous website on the internet, but NOPE.

Now we need to find a Holla Forums exploit!