Published 18 years 4 months ago • Last updated March 22, 2025
Google has a cool free service for hosting open source projects which allows you to manage your source code over SVN. You can also view the contents anonymously, but because some files directly output their contents, it's possible to use this service to host malicious server reflected attacks. The lack of any form of CAPTCHA also makes it easy for an attacker to automate this process.
The following proof of concept uses the anonymous feature to include an HTML file which really contains JavaScript: Google payload poc
All file types should be forced to download when viewing their contents anonymously.
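The recommended fix, sketched as an added example (not code from the original post or from Google's service): a minimal WSGI handler for an anonymous raw-file view that sends every file as an attachment, next to the inline behaviour it replaces. The function names, the `REPO` contents and the path are hypothetical.

```python
import re

# Constructed sample repository content; the path and body are made up.
REPO = {"trunk/poc.html": b"<html><body>constructed sample page</body></html>"}

def headers_inline(guessed_type):
    """'Before': the guessed type is sent as-is, so HTML renders in the host's origin."""
    return [("Content-Type", guessed_type)]

def headers_download(path):
    """'After': every file type is sent as an opaque attachment."""
    name = path.rsplit("/", 1)[-1]
    # Keep a conservative character set so the name cannot break out of the header.
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", name).lstrip(".") or "download"
    return [
        ("Content-Type", "application/octet-stream"),
        ("Content-Disposition", f'attachment; filename="{safe}"'),
        ("X-Content-Type-Options", "nosniff"),  # stop browsers sniffing it back to HTML
    ]

def app(environ, start_response):
    """Minimal WSGI app for the anonymous raw-file view."""
    path = environ.get("PATH_INFO", "/").lstrip("/")
    body = REPO.get(path)
    if body is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    headers = headers_download(path) + [("Content-Length", str(len(body)))]
    start_response("200 OK", headers)
    return [body]

def serve(path):
    """Call the app in-process and return (status, headers dict, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"PATH_INFO": "/" + path}, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    print(serve("trunk/poc.html"))
```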