Friday 11 April 2014

Unpatched Google Vulnerabilities That Can Aid Cyber Attacks


Google has declined to treat the issues below as vulnerabilities, but the links are still attacker-friendly: because they carry a trusted Google domain, they can be abused in social engineering and phishing campaigns.



When I translated this Korean website with Google Translate I got a pop-up, but this cross-site scripting lands in Google's user-content sandbox domains. Google declined to pay a bounty for the googleusercontent.com domain.

Vulnerable Link:

http://translate.google.com/translate?hl=en&sl=ko&u=http://www.inven.co.kr/board/powerbbs.php%3Fcome_idx%3D2608%26l%3D323203&prev=/search%3Fsafe%3Dactive%26tbs%3Dsbi:AMhZZitSp-gC8gU-U7f9dQOyrsXULajpr2V2JVZ-rsOXCAwFRYcO72sHGTiOS5JpfACLQvzP0y0qZaEhoXHYEXvOhv_13qaxIscNPk5X_1shYemv1971jdOquWR0b48Y_14mwZOYcIGFs2IZ2CxyPgzBwAYzZqqIc3lfdtw6ioC9sb3Orpao_1oSHPdfEc7IoNtUd9l0JxH6nEy8aWcwx3oBpe7YW63dyjVZIO7ApSRVB_1whNHkG8ZAV66zgfn9rnuih7fRwnjKViq8mSzbxfj90STdH10pZKDjJBRQk0ZgKUrRVAhdPVhljI0hHK8ywRxcPUua3bhkBvQyHu18x4d1HhtpXuwnsxNdfJxZKXd8fJIMrhNFHHyCrnHRoiMYDn6yi9vPsgwVkZPOZcfbeukFw-eplhlmIUr0KkPc56QwtYaPqhhFpg4cR_1ZhZ6d_1eyfxDTaJ3aZ3iz-aDRx0HBosY3pCThRJ_1az4ZwzbniVogudc-LfbAyqwbH9BUfZtfmKLQUeSf8FGKzuikUZSN54qwzvTOs1grYtowP2R5grm9slnEG6jn7L1sIWQn-P46PS9ybk-LXr7fX-OwwGvrkLA02Atw0wmMi6cmYbklghCIDmafU3v1LhrTYBuI_1Vwp5HYzKN2xxyfPw5aVDuLGd5RMG-QFnaYEKZEjO6uA4LaRo0XMnPEcu5mlr3tkZ7pKqBHvc-cGy-PQC_1PaFJebRKGFtdMrfNLwtAEjBaeyVVGBzwvSgWuiMAGecSJHITzV3aqVJaFmkC0ajgY9wTDR0OarmACr2k2uHv8erTN-ko8OSLfyvFlhQj7mypKwkSUpIU9yA59WFwH6zCY8FwEUwJw-gm5_1-wO3anzsu7Gm2unVOVKY81tSBsn8rxXgU3SlzNM3aFOr5h3yl8yXV4nStdkJg2j4dFwPpUqwsgGYEr-KG4m342xn3MHug7DQ1CdG_1sI4c6RSk9ttcHk_15_1rQhH-g_104Yme0QOxuX_152ZBmCHHVf7E-RRxWCCWWpJDxuGwEIwUQaXfKaGWcwRTa2H5hDmxe5I53_1cOzIxDA

Google replied to us:
"Thanks for your bug report! The domain in which the feature is hosted is specifically meant as a compartmentalized "sandbox" for various types of potentially unsafe, user-controlled content. This domain is isolated from any sensitive content due to the same-origin policy.
Cross-site scripting vulnerabilities in “sandbox” domains. We maintain a number of domains that leverage the same-origin policy to safely isolate certain types of untrusted content; the most prominent example of this is *.googleusercontent.com. Unless an impact on sensitive user data can be demonstrated, we do not consider the ability to execute JavaScript in that domain to be a bug."


Google Redirect Vulnerability links:

http://www.google.com/search?source=www.hackersonlineclub.com&hl=www.hackersonlineclub.com&q=www.hackersonlineclub.com.com&btnG=www.hackersonlineclub.com&btnI=www.hackersonlineclub.com


http://www.google.com/search?btnI&q=allinurl:http://www.hackersonlineclub.com/

http://www.google.com/url?q=http://www.hackersonlineclub.com/&ei=cQ1IU4vHC82uiQe7xIGwCA&sa=X&oi=unauthorizedredirect&ct=targetlink&ust=1397232761191886&usg=AFQjCNGdd3PrQL9wug72HPtnsEHKLqUT6Q


But Google declined to accept URL redirection under its bug bounty; the company said:

"URL redirection. We recognize that the address bar is the only reliable security indicator in modern browsers; consequently, we hold that the usability and security benefits of a small number of well-designed and closely monitored redirectors outweigh their true risks."
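Every link in this post shares one shape: the host the user reads in the address bar or in an e-mail is google.com, but a query parameter carries a second URL (or, for the btnI "I'm Feeling Lucky" links, a search term) that decides where the browser really ends up or what the translate proxy renders. That shape is what a mail gateway or proxy-log review can flag. The following is an added example for this post, not Google's code and not the blog's own; the parameter names it inspects, the crude site comparison and the sample links (built from the post's own links, the translate link shortened to the parameter that matters, plus one benign same-site login redirect) are assumptions.

```python
"""Flag redirector- and proxy-style links that borrow a trusted domain."""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, unquote, urlparse

# Query parameters that commonly carry a destination URL (assumption: extend
# this list for the redirectors and proxies present in your own environment).
TARGET_PARAMS = ("q", "u", "url", "continue", "redirect", "dest")

# Absolute http(s) URL anywhere inside a decoded parameter value; this also
# catches "allinurl:http://..." style values where urlparse alone would not.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    link: str    # the link as received
    kind: str    # "embedded-url" (redirect/proxy) or "feeling-lucky" (btnI)
    target: str  # where the user is really sent, or what is proxied


def site_of(host: str) -> str:
    """Crude registrable domain: the last two labels. Assumption: good enough
    for this demo; a real deployment should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(link: str) -> list[Finding]:
    """Return the findings for one link; an empty list means it looks benign."""
    parsed = urlparse(link)
    link_site = site_of(parsed.hostname or "")
    params = parse_qs(parsed.query, keep_blank_values=True)
    findings: list[Finding] = []

    # Rule 1: a parameter value contains an absolute URL for a *different* site.
    for name in TARGET_PARAMS:
        for value in params.get(name, []):
            for url in URL_RE.findall(unquote(value)):
                if site_of(urlparse(url).hostname or "") != link_site:
                    findings.append(Finding(link, "embedded-url", url))

    # Rule 2: Google's btnI ("I'm Feeling Lucky") turns a search into a jump
    # to the first hit, so btnI plus a bare query term is also a redirect.
    if "btnI" in params:
        for value in params.get("q", []):
            query = unquote(value)
            if not URL_RE.search(query):  # full URLs were reported by rule 1
                findings.append(Finding(link, "feeling-lucky", query))
    return findings


# Constructed samples: the post's own redirect links, its translate link cut
# down to the u= parameter, and one benign same-site login redirect.
SAMPLE_LINKS = [
    "http://www.google.com/search?source=www.hackersonlineclub.com&hl=www.hackersonlineclub.com"
    "&q=www.hackersonlineclub.com.com&btnG=www.hackersonlineclub.com&btnI=www.hackersonlineclub.com",
    "http://www.google.com/search?btnI&q=allinurl:http://www.hackersonlineclub.com/",
    "http://www.google.com/url?q=http://www.hackersonlineclub.com/&ei=cQ1IU4vHC82uiQe7xIGwCA"
    "&sa=X&oi=unauthorizedredirect&ct=targetlink&ust=1397232761191886&usg=AFQjCNGdd3PrQL9wug72HPtnsEHKLqUT6Q",
    "http://translate.google.com/translate?hl=en&sl=ko"
    "&u=http://www.inven.co.kr/board/powerbbs.php%3Fcome_idx%3D2608%26l%3D323203",
    "https://accounts.google.com/ServiceLogin?continue=https://mail.google.com/mail/",
]


def scan(links=SAMPLE_LINKS) -> dict[str, list[Finding]]:
    """Classify every link; only links with at least one finding are returned."""
    report: dict[str, list[Finding]] = {}
    for link in links:
        found = classify(link)
        if found:
            report[link] = found
    return report


if __name__ == "__main__":
    for link, found in scan().items():
        for f in found:
            print(f"{f.kind:13} {urlparse(link).hostname or '?':22} -> {f.target}")
```

Run as a script it lists the four suspicious links with their real destinations and stays silent on the accounts.google.com link, whose continue= target is on the same site. The same-site exception is the point of the design: Google's own rule above is that a few monitored redirectors are acceptable, so the detector does not scream at every redirect, only at ones that leave the trusted domain.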

Some of Google's non-qualifying vulnerability classes are:

Execution of owner-supplied JavaScript in Blogger. Blogs hosted in *.blogspot.com are no different from any third-party website on the Internet. For your safety, we employ spam and malware detection tools, but we do not consider the ability to embed JavaScript within your blog to be a security bug.

Legitimate content proxying and framing. 

We expect our services to unambiguously label third-party content and to perform a number of abuse-detection checks, but as with redirectors, we think that the value of products such as Google Translate outweighs the risk.

Bugs requiring exceedingly unlikely user interaction. 

For example, a cross-site scripting flaw that requires the victim to intentionally type in an XSS payload into a search field in Google Maps may have negligible impact in all practical cases.

Logout cross-site request forgery. 

For better or worse, the design of HTTP cookies means that no single website can prevent its users from being logged out; consequently, application-specific ways of achieving this goal will likely not qualify. You may be interested in personal blog posts from Chris Evans and Michal Zalewski for more background.

Flaws affecting the users of out-of-date browsers and plugins. 

The security model of the web is being constantly fine-tuned. The panel will typically not reward any problems that affect only the users of outdated or unpatched browsers. In particular, we exclude Internet Explorer prior to version 9.

Presence of banner or version information.

Version information does not, by itself, expose the service to attacks - so we do not consider this to be a bug. However, if you find an outdated version of software and can confirm that it's vulnerable to a particular flaw, please let us know.

Disclaimer: All these links are for educational purposes only; we are not responsible for any kind of illegal activity involving these vulnerabilities.
