A young hacker from the Czech Republic discovered a security vulnerability in one of Google's support applications.
Had it been exploited by someone with malicious intent, the flaw could have allowed hackers to steal Google employees' cookies for internal applications and take over their accounts. They could then have launched extremely convincing phishing attempts, which would have given them access to many other parts of Google's internal network.
The vulnerability was discovered by researcher Thomas Orlita in February 2019. It was fixed in mid-April, but was made public only now.

The vulnerability was a cross-site scripting (XSS) flaw, found in Google's Invoice Submission Portal, a public domain to which Google redirects the business users of its invoicing platform.
Most cross-site scripting (XSS) vulnerabilities are not considered dangerous, but there are cases that can lead to very serious problems.
One of these cases was Orlita's discovery. The researcher said that a malicious user could upload his own files to the Google Invoice Submission Portal via Upload Invoice.
Using a proxy, the attacker could intercept the uploaded PDF document (after the submission and validation of the form) and change it into an HTML file carrying a malicious XSS payload.
The malicious document would be stored in Google's billing backend and wait for someone to open it.
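The flow described above relies on a check that has already run by the time the request can be altered in a proxy. The following is an added example, not code from Google or from Orlita's write-up, of re-validating an invoice upload on the server and serving the stored file so a browser never renders it as HTML; the function names, size limit and header policy are assumptions.

```python
# Added example, not Google's code. Names, limits and header policy are assumptions.
PDF_MAGIC = b"%PDF-"
MAX_BYTES = 10 * 1024 * 1024  # assumed upload size limit

# Constructed sample inputs
GENUINE = b"%PDF-1.7\n1 0 obj\n<<>>\nendobj\n"
SWAPPED = b"<html><body>not a pdf</body></html>"


class RejectedUpload(ValueError):
    """Upload failed server-side validation."""


def validate_invoice(filename, declared_type, body):
    """Re-check on the server; anything the client sent may have been altered in transit."""
    if not body or len(body) > MAX_BYTES:
        raise RejectedUpload("empty or oversized upload")
    if not filename.lower().endswith(".pdf"):
        raise RejectedUpload("extension is not .pdf")
    if declared_type.split(";")[0].strip().lower() != "application/pdf":
        raise RejectedUpload("declared type is not application/pdf")
    # Name and declared type are attacker-controlled, so inspect the bytes too.
    if not body.startswith(PDF_MAGIC):
        raise RejectedUpload("content is not a PDF")


def download_headers(stored_name):
    """Headers for serving a stored invoice to staff.

    A magic-byte check can be satisfied by a crafted file, so the response
    itself must also prevent the document from running as HTML.
    """
    safe = "".join(c for c in stored_name if c.isalnum() or c in "._-") or "invoice.pdf"
    return {
        "Content-Type": "application/pdf",  # fixed by the server, never echoed from the upload
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


def check(filename, declared_type, body):
    """Return 'accepted' or 'rejected: <reason>' for one upload."""
    try:
        validate_invoice(filename, declared_type, body)
        return "accepted"
    except RejectedUpload as exc:
        return f"rejected: {exc}"
```

Serving uploads from a separate origin that holds no session cookies limits the impact further if a hostile file is ever stored.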

"The XSS runs on a subdomain of googleplex.com and, while the employee is logged in, the attacker can have access to the dashboard of the subdomain, from which it is possible to view and manage invoices," Orlita told ZDNet.
"Depending on how cookies are configured on googleplex.com, it may be possible to access other internal applications hosted on this domain," the researcher added.
Since most of Google's internal applications are hosted on the googleplex.com domain, this gives attackers a lot of possibilities.
Of course, as with most XSS vulnerabilities, the risk posed by the flaw depends on the hacker's skill level and his ability to carry out more complex attacks.
For more technical details, you can read Orlita's publication.
