strangetruenews

How researchers hacked Google using an XXE vulnerability!

What is the most secure website? None. Even Google is vulnerable to all sorts of attacks!

Security researchers and co-founders of Detectify have discovered a critical security vulnerability in Google that allowed them to access internal servers.

The vulnerability exists in the Google Toolbar button gallery. The page allows users to customize their toolbar with buttons. It also allows users to create their own buttons by uploading an XML file containing various metadata.

The researchers found that this upload function is vulnerable to XML External Entity (XXE) injection.

By sending a crafted XML file, the researchers were able to gain access to internal files stored on one of Google's product servers. They managed to read the '/etc/passwd' and '/etc/hosts' files of the server.

By exploiting this vulnerability, the researchers could have accessed any file on Google's server. They could also have used it for SSRF exploitation to access internal systems.

Google has rewarded the researchers with $10,000 for finding and reporting this vulnerability. 
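
As an added example (not code from the original post, Detectify, or Google), this is one way an upload handler can refuse this class of input: reject any document that carries a DOCTYPE or entity declaration before its content is used. The element names and both sample documents are constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when an upload contains a DTD or entity construct."""


def parse_button_xml(data: bytes) -> dict:
    """Parse an uploaded button definition, refusing DOCTYPE and entities."""
    fields, stack = {}, []

    def forbid(kind):
        def handler(*args):
            raise ForbiddenXML(kind + " not allowed in uploads")
        return handler

    def text(chunk):
        if stack:  # collect character data under the enclosing element name
            fields[stack[-1]] = fields.get(stack[-1], "") + chunk

    parser = xml.parsers.expat.ParserCreate()
    # An XXE payload needs a DTD to declare its entity, so refuse DTDs outright.
    parser.StartDoctypeDeclHandler = forbid("DOCTYPE")
    parser.EntityDeclHandler = forbid("entity declaration")
    parser.ExternalEntityRefHandler = forbid("external entity reference")
    parser.StartElementHandler = lambda name, attrs: stack.append(name)
    parser.EndElementHandler = lambda name: stack.pop()
    parser.CharacterDataHandler = text
    parser.Parse(data, True)
    # Drop whitespace-only text that sits between child elements.
    return {k: v.strip() for k, v in fields.items() if v.strip()}


def is_accepted(data: bytes) -> bool:
    """True if the upload parses cleanly and contains no forbidden construct."""
    try:
        parse_button_xml(data)
        return True
    except (ForbiddenXML, xml.parsers.expat.ExpatError):
        return False


# Constructed sample uploads (hypothetical button format).
BENIGN = b"<button><title>Search</title><description>Site search</description></button>"
HOSTILE = (b'<?xml version="1.0"?><!DOCTYPE button [<!ENTITY x SYSTEM '
           b'"file:///etc/hosts">]><button><title>&x;</title></button>')
```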
