Google payloads

Description

Google has a cool free service for hosting open source projects which allows you to manage your source code over svn. You can also view the contents anonymously but because some files directly output their contents it’s possible to use this service to host malicious server reflected attacks. The lack of any form of CAPTCHA also makes it easy for an attacker to automate this process.

POC

The following proof of concept uses the anonymous feature to include a HTML file which really contains javascript:-
Google payload poc

Recommendation

All file types should be forced to download when viewing their contents anonymously

2 Responses to “Google payloads”

  1. pdp writes:

    of course, the problem is a lot deeper then that :) here is a link to a paper: http://www.gnucitizen.org/blog/for-my-next-trick-hacking-web20

  2. Gareth Heyes writes:

    Nice paper 😀