
Monday, 21 April 2014

Researchers Rewarded $10,000 for Reporting XXE Vulnerability in Google


A critical XXE vulnerability found by security researchers allowed them to read internal files on Google's production servers. It sounds surprising, but the bug was real: it let the researchers read internal files on the server.

The vulnerability was in the Google Toolbar Button Gallery. The researchers found the bug after noticing that Google lets users customize their toolbars by adding new buttons; developers can create their own buttons by uploading XML files containing metadata for styling.

This class of vulnerability is known as XML External Entity (XXE) injection, a form of XML injection: the server-side XML parser resolved external entities declared in the uploaded file, so an entity could be pointed at a local file path and its contents were returned to the uploader. The researchers crafted their own button file and, by uploading it, gained access to internal files on a Google production server; for example, they managed to read "/etc/passwd" and "/etc/hosts".
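As an added illustration (not code from the article or from Google), here is how an upload endpoint can refuse exactly the class of document described above: the parser rejects any DOCTYPE, entity declaration or external entity reference instead of trying to constrain what such a declaration may load. The element names, the simplified button format and both sample files are assumptions constructed for this example.

```python
import xml.parsers.expat as expat

class UnsafeXmlError(ValueError):
    """Raised when an uploaded document uses DOCTYPE or entity features."""

def parse_button_xml(data: bytes) -> dict:
    """Return {element: text} for button metadata; refuse any DOCTYPE,
    entity declaration or external entity reference outright."""
    parser = expat.ParserCreate()
    # Never load external parameter entities (external DTDs) either.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    fields, stack = {}, []

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE '{name}' not allowed in button XML")
    def reject_entity(*_decl):
        raise UnsafeXmlError("entity declarations not allowed in button XML")
    def reject_external(context, base, sysid, pubid):
        raise UnsafeXmlError(f"external entity {sysid!r} blocked")
    def chars(text):
        if stack:  # accumulate text under the innermost open element
            fields[stack[-1]] = fields.get(stack[-1], "") + text

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external
    parser.StartElementHandler = lambda name, attrs: stack.append(name)
    parser.EndElementHandler = lambda name: stack.pop()
    parser.CharacterDataHandler = chars
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXmlError(f"malformed XML: {exc}") from None
    return {k: v.strip() for k, v in fields.items() if v.strip()}

def check_upload(data: bytes) -> tuple:
    """Return (accepted, fields_or_reason) for one uploaded button file."""
    try:
        return True, parse_button_xml(data)
    except UnsafeXmlError as exc:
        return False, str(exc)

# Constructed samples. The button element names are an assumed, simplified
# shape; the second file is the class of upload the article describes.
BENIGN_BUTTON = b"""<custombuttons>
  <button><title>Example</title><url>https://example.com/</url></button>
</custombuttons>"""
XXE_BUTTON = b"""<!DOCTYPE custombuttons [<!ENTITY xxe SYSTEM "file:///etc/hosts">]>
<custombuttons><button><title>&xxe;</title></button></custombuttons>"""
```

Because a Python exception raised inside an expat handler aborts the parse, the malicious file is rejected at the DOCTYPE before any entity is declared, let alone resolved.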

The team reported the vulnerability to Google, which, as is well known, runs a bug bounty program. Google rewarded the researchers with $10,000 for identifying the bug in the search engine's feature.
