A young hacker from the Czech Republic discovered a security loophole in one of Google's support applications.
If exploited by someone with malicious intent, the flaw could have allowed attackers to steal Google employees' cookies for internal applications and take over their accounts. They could then launch highly convincing phishing attempts, which would give them access to many other parts of Google's internal network.
The security loophole was discovered by researcher Thomas Orlita in February 2019. It was fixed in mid-April, but the details have only just been published.
The vulnerability was a cross-site scripting (XSS) flaw found in Google's invoicing portal, a public site to which Google redirects business users of the platform to submit invoices.
Most cross-site scripting (XSS) vulnerabilities are not considered dangerous, but some cases can lead to very serious problems.
Orlita's discovery was one of these cases. The researcher said that a malicious user could upload their own files to the Google Invoice Submission Portal via Upload Invoice.
Using a proxy, the attacker could intercept the upload to the Google Invoice Submission Portal after the form submission and validation process had run, and change the PDF document into an HTML file carrying a malicious XSS payload.
The malicious document would be stored in Google's billing backend and wait for someone to open it.
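The upload described above was altered after the form's validation had already run, so the type check has to be repeated on the server and the stored file must never be served as HTML. A minimal Python sketch of both steps, added here as an illustration (it is not from Orlita's write-up or Google's code; the function names and sample bytes are constructed):

```python
import re

PDF_MAGIC = b"%PDF-"
UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9_-]")

# Constructed sample inputs: a tiny PDF-shaped body and a non-PDF body.
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<<>>\nendobj\ntrailer\n<<>>\n%%EOF\n"
SAMPLE_HTML = b"<html><body>constructed non-PDF content</body></html>"


class RejectedUpload(ValueError):
    """Raised when the uploaded bytes are not what the portal accepts."""


def validate_invoice_upload(filename, declared_type, body):
    """Server-side check. filename and declared_type are client-supplied,
    so neither is used to decide what the file is."""
    # Strict rule (assumption): the PDF header must be the first bytes.
    if not body.startswith(PDF_MAGIC):
        raise RejectedUpload("content is not a PDF")
    if b"%%EOF" not in body[-1024:]:
        raise RejectedUpload("PDF end-of-file marker missing")
    # The server picks the stored name and extension, not the uploader.
    stem = UNSAFE_CHARS.sub("_", filename.rsplit(".", 1)[0])[:64] or "invoice"
    return {"stored_name": stem + ".pdf", "content_type": "application/pdf"}


def download_headers(record):
    """Headers for serving a stored invoice to the employee reviewing it."""
    return {
        # Type recorded by the server at upload time, never the client's value.
        "Content-Type": record["content_type"],
        # Download instead of rendering inside the internal origin.
        "Content-Disposition": 'attachment; filename="%s"' % record["stored_name"],
        # Stop the browser from sniffing the body into text/html.
        "X-Content-Type-Options": "nosniff",
        # If it is rendered anyway, it gets no scripts and a unique origin.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


if __name__ == "__main__":
    record = validate_invoice_upload("invoice.pdf", "application/pdf", SAMPLE_PDF)
    print(record, download_headers(record))
    try:
        validate_invoice_upload("invoice.pdf", "application/pdf", SAMPLE_HTML)
    except RejectedUpload as exc:
        print("rejected:", exc)
```

A file that passes the header check can still contain unexpected content, which is why the response headers matter as much as the upload check.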
"The XSS runs on a subdomain of googleplex.com and while the employee is logged in, the attacker can access the subdomain's control panel from where it is possible to view and manage tariffs," Orlita told ZDNet.
"Depending on how cookies are configured on googleplex.com, it may be possible to access other internal applications hosted on this domain," the researcher added.
Since most of Google's internal applications are hosted on the googleplex.com domain, this gives attackers a lot of possibilities.
Of course, as with most XSS security flaws, how dangerous the bug is depends on the skill level of the attacker and their ability to perform more complex attacks.
For more technical details, you can read Orlita's publication.