Translate.google.com | CSRF Vulnerability

I have discovered a new CSRF vulnerability on the translate.google.com website which could allow an attacker to insert items (words/phrases/URLs and related translations) into the user’s Phrasebook. Furthermore, an attacker could also insert potentially malicious URLs into the above-mentioned Phrasebook, towards which the victim could be redirected simply by clicking on the “Go to <website>” right-click option on translate.google.com.
The vulnerability is related to a problem in the generation of the “xt” anti-CSRF token, which is not correctly associated with the user session, allowing an attacker to use any previously generated anti-CSRF parameter for that specific user in order to carry out this attack.
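
The session-binding problem described above can be shown from the defender's side. The following is an added example, not code from the original advisory and not Google's implementation: it models the flaw as a token derived from the user identity alone (an assumption about the general pattern) and contrasts it with a token bound to the current session and an issue time. The key, lifetime, function names and session identifiers are all constructed for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

SERVER_KEY = b"constructed-demo-key"  # constructed; a real key comes from a secret store
MAX_AGE = 3600                        # assumed token lifetime in seconds


def _mac(*parts: str) -> str:
    """HMAC-SHA256 over NUL-separated fields, hex encoded."""
    msg = "\x00".join(parts).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_user_bound(user_id: str) -> str:
    """Weak pattern: depends on the user only, so every token ever issued stays valid."""
    return _mac("user", user_id)


def verify_user_bound(token: str, user_id: str) -> bool:
    return hmac.compare_digest(token.encode(), issue_user_bound(user_id).encode())


def issue_session_bound(session_id: str, now: Optional[float] = None) -> str:
    """Hardened pattern: token covers the session identifier and the issue time."""
    ts = str(int(time.time() if now is None else now))
    return ts + "." + _mac("session", session_id, ts)


def verify_session_bound(token: str, session_id: str,
                         now: Optional[float] = None) -> bool:
    ts, sep, mac = token.partition(".")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False  # malformed token
    age = (time.time() if now is None else now) - int(ts)
    if age < 0 or age > MAX_AGE:
        return False  # issued in the future or expired
    # Recompute over the *current* session; a token from another session fails here.
    expected = _mac("session", session_id, ts)
    return hmac.compare_digest(mac.encode(), expected.encode())
```

The server must take `session_id` from its own session store, never from a request parameter, and should rotate it at login so tokens issued before authentication stop verifying.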

For more details, please read my original Advisory:
CSRF Vulnerability on translate.google.com

My research has also been published on PacketStorm:
Google Translate Cross Site Request Forgery

Update (15 August, 2013): I received an email from the Google Security Team:

Hello,
This issue has been fixed and verified by a security engineer – feel free to test and see if we’ve missed anything.
Thanks for all your help!

Regards,
Google Security Team
