Some days ago, on 15 August 2013, I received the following email from the Google Security Team about my latest Google Translate vulnerability:
This issue has been fixed and verified by a security engineer – feel free to test and see if we’ve missed anything.
Thanks for all your help!
Google Security Team
I cannot hide that, considering what happened in the previous months (see my previous post on this topic), I was surprised and, I have to admit it, happy to receive an email from the Google Security Team informing me that they had fixed this vulnerability, independently of the reward that I did not receive.
In that email they invited me to test the vulnerability again, to establish whether their fix had been applied correctly.
Yesterday (1 September 2013) I carried out new tests and, unfortunately, verified that the vulnerability I discovered still affects Google Translate. After the analysis I quickly contacted the Google Security Team to share my test results, so that this security issue can be patched as soon as possible.
I expect to share new information about this vulnerability soon.
I discovered a new CSRF vulnerability on the translate.google.com web site which could allow an attacker to insert items (words/phrases/URLs and their translations) into the user’s Phrasebook. Furthermore, an attacker could insert a potentially malicious URL into that Phrasebook, to which the victim would be redirected simply by clicking the “Go to <website>” right-click option on translate.google.com.
The vulnerability stems from a flaw in the generation of the “xt” anti-CSRF token, which is not correctly bound to the user session: an attacker can reuse any previously generated anti-CSRF token for that specific user to carry out this attack.
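To make the root cause concrete, here is an added example (my own illustration, not Google’s code; the real format of the “xt” parameter is not known here) that puts two toy validators side by side: a weak design in which tokens are tracked per user, so any token ever issued to that user is accepted in any later session, and a session-bound design in which the token is an HMAC over the session id, so a token captured in an earlier session is rejected. All names, session ids and the “alice” user are constructed for the example.

```python
"""Added example: why an anti-CSRF token must be bound to the session.

Weak design  : token remembered per user, nothing links it to the session.
Bound design : token = HMAC(server_secret, session_id); recomputed per request.
Identifiers below are constructed for this example and are not Google's.
"""
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed per-process secret; a real deployment keeps this in a key store.
SERVER_SECRET = secrets.token_bytes(32)


# --- Weak design: token tied to the user, not to the session ---------------
_issued_by_user: dict[str, set[str]] = defaultdict(set)


def weak_issue_token(user: str) -> str:
    """Random token remembered per user; the current session plays no role."""
    token = secrets.token_urlsafe(24)
    _issued_by_user[user].add(token)
    return token


def weak_verify_token(user: str, token: str) -> bool:
    """Accepts ANY token ever issued to this user, however old."""
    return token in _issued_by_user[user]


# --- Session-bound design ----------------------------------------------------
def issue_token(session_id: str) -> str:
    """Derive the token from the session id, so it is useless in another session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_token(session_id: str, token: str) -> bool:
    """Recompute for the *current* session and compare in constant time."""
    return hmac.compare_digest(token, issue_token(session_id))


def phrasebook_add(check_passed: bool, phrasebook: list, entry: str) -> bool:
    """Mutate state only when the CSRF check passed; return whether it did."""
    if not check_passed:
        return False
    phrasebook.append(entry)
    return True


def demo() -> dict:
    """Replay a token from the user's earlier session against a later one."""
    user = "alice"                                  # constructed
    old_session, new_session = "sess-1", "sess-2"   # constructed session ids

    # Weak design: a token obtained while sess-1 was active still works in sess-2.
    stale = weak_issue_token(user)
    weak_phrasebook: list[str] = []
    weak_ok = phrasebook_add(weak_verify_token(user, stale), weak_phrasebook, "hola")

    # Bound design: the same replay fails, while a fresh token for sess-2 works.
    stale_bound = issue_token(old_session)
    bound_phrasebook: list[str] = []
    replay_ok = phrasebook_add(verify_token(new_session, stale_bound),
                               bound_phrasebook, "hola")
    fresh_ok = phrasebook_add(verify_token(new_session, issue_token(new_session)),
                              bound_phrasebook, "hola")

    return {
        "weak_accepts_stale": weak_ok,     # True
        "bound_accepts_stale": replay_ok,  # False
        "bound_accepts_fresh": fresh_ok,   # True
        "weak_entries": len(weak_phrasebook),
        "bound_entries": len(bound_phrasebook),
    }


if __name__ == "__main__":
    print(demo())
```

The check that matters is in `verify_token`: the server never looks a token up in a store of “tokens this user once had”; it recomputes what the token must be for the session actually presenting the request. Rotating the session id (for example at login) therefore invalidates every earlier token automatically.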
The simplest method to bypass a proxy blacklist filter (implemented, for example, on a Squid proxy) is to use the Google Translate service, which can easily be turned into a web proxy. Let’s see how this is done: suppose you want to reach the ivanobinetti.com web site, which is blocked by the proxy blacklist. You only have to go to:
Be careful to select a destination language (the one you want to translate into) different from the original language. For example, if the site is in English you can select Italian as the destination language; in general, you can select any language except English (the original language).