Google payloads

Wednesday, 30 January 2008

Description

Google has a cool free service for hosting open source projects which allows you to manage your source code over svn. You can also view the contents anonymously but because some files directly output their contents it’s possible to use this service to host malicious server reflected attacks. The lack of any form of CAPTCHA also makes it easy for an attacker to automate this process.

POC

The following proof of concept uses the anonymous feature to include a HTML file which really contains javascript:-
Google payload poc

Recommendation

All file types should be forced to download when viewing their contents anonymously

The entry 'Google payloads' was posted on January 30th, 2008 at 9:22 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

2 Responses to “Google payloads”

  1. pdp writes:
    No. 1 — January 30th, 2008 at 12:31 pm

    of course, the problem is a lot deeper then that 🙂 here is a link to a paper: http://www.gnucitizen.org/blog/for-my-next-trick-hacking-web20

  2. Gareth Heyes writes:
    No. 2 — January 30th, 2008 at 12:39 pm

    Nice paper 😀

«
»