- Nov 5, 2011
- 5,855
How we got read access on Google’s production servers : on blog.detectify.com : http://blog.detectify.com/post/82370846588/how-we-got-read-access-on-googles-production-servers
To stay on top on the latest security alerts we often spend time on bug bounties and CTF’s. When we were discussing the challenge for the weekend, Mathias got an interesting idea: What target can we use against itself?
Of course. The Google search engine!
What would be better than to scan Google for bugs other than by using the search engine itself? What kind of software tend to contain the most vulnerabilities?
By combining one thing with another, we started Google dorking for acquisitions and products to antique systems without any noticeable amount of users.
One system caught our eyes. The Google Toolbar button gallery. We looked at each other and jokingly said “this looks vuln!”, not knowing how right we were.
Not two minutes later ..
..
We contacted Google straight away while popping open some celebration beers. After 20 minutes we got a reply from Thai on the Google Security Team. They were impressed. We exchanged a few emails on the details back and forth during the coming days. In our correspondence we asked how much the vulnerability was worth. This is what we received as reply:
Read MORE on the website, please ..
If Google can get hacked, are you sure your service is secure? Try Detectify here and see for yourself.
To stay on top on the latest security alerts we often spend time on bug bounties and CTF’s. When we were discussing the challenge for the weekend, Mathias got an interesting idea: What target can we use against itself?
Of course. The Google search engine!
What would be better than to scan Google for bugs other than by using the search engine itself? What kind of software tend to contain the most vulnerabilities?
- Old and deprecated software
- Unknown and hardly accessible software
- Proprietary software that only a few people have access to
- Alpha/Beta releases and otherwise new technologies (software in early stages of it’s lifetime)
By combining one thing with another, we started Google dorking for acquisitions and products to antique systems without any noticeable amount of users.
One system caught our eyes. The Google Toolbar button gallery. We looked at each other and jokingly said “this looks vuln!”, not knowing how right we were.
Not two minutes later ..
..
We contacted Google straight away while popping open some celebration beers. After 20 minutes we got a reply from Thai on the Google Security Team. They were impressed. We exchanged a few emails on the details back and forth during the coming days. In our correspondence we asked how much the vulnerability was worth. This is what we received as reply:
Read MORE on the website, please ..
If Google can get hacked, are you sure your service is secure? Try Detectify here and see for yourself.
Last edited: