mattmurphy at kc
Sep 15, 2002, 11:18 AM
Post #1 of 1
Altavista BabelFish XSS Hole

Babelfish is Altavista's automated translation tool. It is used by the
various "Translate" links on the site and in search results. A malformed
translation can result in cross-site scripting. By requesting a translation
of HTML, it is possible to execute script code as the AltaVista domain.
Initially, this hole presented a unique challenge -- exploiting the
applied across two languages. However, Babelfish creates a textarea with
the supplied data still intact, so exploitation is much easier. By starting
the translation with "</TEXTAREA>", an attacker can cause the original data
to be launched as well.
"The reason the mainstream is thought
of as a stream is because it is
- Author Unknown
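
Added example, not part of the original post and not AltaVista's code: a minimal Python sketch of the echo-into-textarea behaviour the post describes, next to the output-encoded form that keeps submitted text inside the textarea. The template, function names and the inert sample input are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical page template: the submitted text is echoed back into a
# textarea, as the post describes Babelfish doing.
TEMPLATE = '<form method="post"><textarea name="text">{}</textarea></form>'

def render_unsafe(submitted: str) -> str:
    """Echo the submitted text verbatim (the behaviour the post reports)."""
    return TEMPLATE.format(submitted)

def render_escaped(submitted: str) -> str:
    """Echo the text with HTML metacharacters encoded as entities."""
    return TEMPLATE.format(html.escape(submitted, quote=True))

class _Audit(HTMLParser):
    """Records start tags seen outside the textarea and text seen inside it."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_textarea, self.outside, self.echoed = False, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "textarea":
            self.in_textarea = True
        elif not self.in_textarea and tag != "form":
            self.outside.append(tag)  # markup that is live in the page

    def handle_endtag(self, tag):
        if tag == "textarea":
            self.in_textarea = False

    def handle_data(self, data):
        if self.in_textarea:
            self.echoed.append(data)

def audit(page: str):
    """Return (tags that escaped the textarea, text shown inside it)."""
    parser = _Audit()
    parser.feed(page)
    parser.close()
    return parser.outside, "".join(parser.echoed)

# Constructed sample input: inert markup only, no script.
SAMPLE = '</TEXTAREA><b id="probe">hello</b>'

if __name__ == "__main__":
    print(audit(render_unsafe(SAMPLE)))   # the <b> element lands outside the textarea
    print(audit(render_escaped(SAMPLE)))  # no stray tags; the text is shown as typed
```

The same `audit` check can be run in a regression test against any page that reflects user input into a textarea.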