Hey Holla Forums, I think I've just discovered a potential security hole in Google's services;
>upload it to; translate.google.com
So who's ready to fuck Google's shit up?
Holla Forums is dead, try another board if you want anything other than ponies and gay porn
what happens
The script gets executed, this isn't supposed to happen. Google Translate normally blocks uploading files with a JavaScript MIME type and will usually detect if a file contains JS code, but due to an oversight it runs scripts just fine with a .tpl extension
Someone could upload a malicious script to Google's servers basically
Why haven't you done anything OP?
I don't know how to javascript, I just discovered a bug and wanted to share it to get something going
It doesn't do anything, it just comes up as an error saying the file is already in English. I honestly don't know what you think it would do
rename some variables to Chinese letters m8
OP here
Sorry, I forgot the .tpl has to contain some other language somewhere like Chinese
Add a code comment and some foreign symbols
yeah, was just about to say it doesnt work
doesnt work
If it's commented out on the file you upload, then why would you think it would not be commented when they run it?
OP here
Just take a look at the content of a test template file I have from some webpage

setTimeout(function(){window.location="{{HOMEPAGE}}";}, 2000);{{CONTENT}}, 2s后返回主页.
setTimeout(function(){window.location="{{HOMEPAGE}}";}, 2000); 成功发表新串, 2s后返回主页.
setTimeout(function(){window.location="/thread/{{THREAD_NO}}";}, 2000); 回复成功, 2s后返回No.{{THREAD_NO}}.
setTimeout(function(){window.location="/admin";}, 2000);登录成功 ({{COOKIE}}), 2s后返回控制面板.
已上传图像:
Save this as a .tpl and it should work
This one worked for me, not sure how it's any different than other shit but it worked
Yeah, every time I try to do some random Javascript it blocks me
This one does indeed work for me though, so it must have something to do with the formatting for Google not to detect code and block it
Does Google do exploit bounties?
I meant add a comment at the bottom of the file dipshit
All they have is a bug report form, they don't give you shit but some recognition I believe
Holy shit user you broke Google
Hope you niggers are behind 7 proxies
but its not really qualified
If it has you executing code on their servers, they will want it
This is why we don't raid anymore whiteknight faggots
hang yourself.
So does this mean the script is executed on Google's servers and not locally?
holy shit this is huge, how the fuck did they miss this?
Who here knows how to get SQL database info from JS?
>>>Holla Forums
so your browser executes a script, not the server…? the server is just serving back what you served, not executing, that is done by your own computer right?
Wrong, see;
Google is executing the script and serving output from translate.googleusercontent.com
The script is definitely being run on Google's end as it's run through the translator
Google typically blocks all JavaScript uploads, the formatting of the template file seems to bypass it somehow, I think it just has more to do with the formatting, you basically create a .tpl file with inline JavaScript and Google will run it on their servers
Now we just need to write an SQL injection script
>>>Holla Forums
Holla Forums is a bunch of squares, they'll never help us…
don't know till you try
They don't seem to be too helpful tbh
>>>Holla Forums592322
welp rip
dubs checked
So who's the faggot who is going to claim credit for this and submit a bug bounty to Google for money?
You people are all wasted opportunities
Oh never mind this doesn't qualify if it's executed on translate.googleusercontent.com
"Cross-site scripting vulnerabilities in “sandbox” domains: We maintain a number of domains that leverage the same origin policy to safely isolate certain types of untrusted content; the most prominent example of this is *.googleusercontent.com. Unless an impact on sensitive user data can be demonstrated, we do not consider the ability to execute JavaScript in that domain to be a bug."
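The rule quoted above rests on the same-origin policy. As an added example (not code from this thread and not Google's configuration), here is that origin comparison as a browser computes it, plus a header set a service could send when serving user uploads from a sandbox origin so a .tpl with inline script stays inert; the hostnames are the ones named in the thread, the URL path and the header policy are assumptions.

```javascript
// Added illustration (not the thread's code, not Google's configuration).
// Part 1: the same-origin comparison a browser makes before letting script
// on one page touch the cookies, DOM or storage of another.
// Part 2: headers a service can send when serving user uploads from a
// dedicated sandbox origin, so the upload is inert even if it contains script.

// A browser origin is (scheme, host, port). URL.origin folds default ports
// (https:443, http:80) and lower-cases the host, so no manual parsing is needed.
function originOf(urlString) {
  return new URL(urlString).origin;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Content types that can be rendered inline without becoming active content.
// Anything else (html, svg, js, unknown, or an unrecognised extension like
// .tpl) is downgraded to text/plain so the browser will not execute it.
const INERT_TYPES = new Set(["image/png", "image/jpeg", "image/gif", "text/plain"]);

function sandboxResponseHeaders(filename, declaredType) {
  const type = INERT_TYPES.has(declaredType) ? declaredType : "text/plain; charset=utf-8";
  return {
    "Content-Type": type,
    // Forbid MIME sniffing, so a text/plain body is never re-interpreted as HTML/JS.
    "X-Content-Type-Options": "nosniff",
    // Even if something does run, a sandboxed, no-source policy leaves it nothing to reach.
    "Content-Security-Policy": "sandbox; default-src 'none'",
    // Offer the file for download rather than rendering it in a page context.
    "Content-Disposition": `attachment; filename="${filename.replace(/["\r\n]/g, "")}"`,
  };
}

// Walk-through with the hostnames from the thread (the path is a constructed placeholder).
const sandboxPage = "https://translate.googleusercontent.com/uploaded-file-placeholder";
const mainSite = "https://www.google.com/";
console.log(isSameOrigin(sandboxPage, mainSite)); // false: script there cannot read google.com state
console.log(sandboxResponseHeaders("test.tpl", "text/html")["Content-Type"]); // text/plain; charset=utf-8
```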
Whoever tries has another thing coming because I archived this thread faggots
archive.is
Source?
Whoever tries is a faggot for another reason:
Copied that text from this link.
Damn Google really has thought of everything
Why do they normally block JavaScript files though if that's the case?
Probably because it's more secure anyway.
The fun thing about bug bounties when they say shit like that is if you report it they'll fix it and you won't get anything for it.
If you found another bug that you could use this bug to exploit, and you told them how to do it, you could get something for it, but only if they deem it 'dangerous'.
At least Google doesn't sue you for pen-testing, like some other companies.
I'm satisfied.
Yeah OP-kun, you'd think that Google would get their shit together being the most famous website on the internet, but NOPE.
Now we need to find a Holla Forums exploit!