Google Adservice - Arbitrary Text Reflected

2020.09.24
Risk: Low
Local: No
Remote: Yes
CVE: N/A

#############################################################
# Exploit Title: Google Adservice - Arbitrary Text Reflected
# Google Dork: site:adservice.google.com
# Date: 2020-09-24
# Exploit Author: Gh05t666nero
# Team: IndoGhostSec
# Vendor: google.com
# Software Version: *
# Software Link: N/A
# Tested on: Linux 4.14.117-perf+ #2 SMP PREEMPT Tue Sep 15 17:54:50 CST 2020 aarch64 Android
#############################################################

[*] Vuln Info:
============
This vulnerability affects all Google adservice subdomains worldwide, in other words adservice.google.*
It poisons the title on the adservice subdomain: we are able to inject arbitrary text, so that the existing title on our target changes according to our will.

#############################################################

[*] Google Response:
=================
buganizer-system@google.com
Changed
component: 310426 → 310543
status: New → Intended Behavior

mo...@google.com added comment #4:
Hey,

We've investigated your submission and made the decision not to track it as a security bug.

Reflecting text in a web application or an e-mail message is a known issue with too little practical impact, if the resulting text/HTML is sanitized and allows only for a limited formatting (e.g. XSS is not possible). Please read here for our rationale for this issue.

This report will unfortunately not be accepted for our VRP. Only first reports of technical security vulnerabilities that substantially affect the confidentiality or integrity of our users' data are in scope, and we feel the issue you mentioned does not meet that bar.

If you think we've misunderstood, please do let us know!
_______________________________

Reference Info: 169154143 other in adservice.google.com (WebApps)
component: 310543
status: Intended Behavior
reporter: gh05t666nero@gmail.com
cc: gh05t666nero@gmail.com, wo...@google.com
type: Customer Issue
priority: P4
severity: S4
retention: Component default

[i] Yep, they consider this vulnerability valid but at the same time they consider it Out of Scope because this vulnerability will not threaten Google users.

#############################################################

[*] Vulnerable path:
================
/ddm/fls/[Payload]

#############################################################

[*] Demo:
=======
https://adservice.google.com/ddm/fls/poisoned%20by%20gh05t666nero%20ft%20indoghostsec
https://adservice.google.co.id/ddm/fls/poisoned%20by%20gh05t666nero%20ft%20indoghostsec
https://adservice.google.co.uk/ddm/fls/poisoned%20by%20gh05t666nero%20ft%20indoghostsec
https://adservice.google.co.kr/ddm/fls/poisoned%20by%20gh05t666nero%20ft%20indoghostsec

#############################################################

[*] Contact:
=========
# Website: www.anonsec.my.id
# Telegram: t.me/Gh05t666nero
# Instagram: instagram.com/ojan_cxs
# Twitter: twitter.com/Gh05t666nero1
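
The title reflection described under Vuln Info, and the sanitization condition in Google's response, shown from the server side as an added example (not code from the advisory author or from Google). The handler names, the fixed title and the allowlist pattern are assumptions; only the /ddm/fls/ path comes from the advisory, and the sample paths are constructed.

```python
import html
import re
from urllib.parse import unquote

PREFIX = "/ddm/fls/"        # path from the advisory
FIXED_TITLE = "Ad service"  # assumed constant title (constructed)
# Assumed allowlist for legitimate identifiers: no spaces, no markup.
SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_.-]{1,64}")
PAGE = "<html><head><title>{}</title></head><body></body></html>"


def segment_of(path):
    """Return the percent-decoded text after PREFIX, or '' if absent."""
    return unquote(path[len(PREFIX):]) if path.startswith(PREFIX) else ""


def render_reflecting(path):
    """Echo the segment into <title>, HTML-escaped.

    Escaping stops markup injection, yet the link author still chooses
    the title text: the reflected-text behaviour the advisory reports.
    """
    return PAGE.format(html.escape(segment_of(path)))


def render_fixed(path):
    """Never echo request data; reject segments outside the allowlist."""
    status = 200 if SAFE_SEGMENT.fullmatch(segment_of(path)) else 404
    return status, PAGE.format(FIXED_TITLE)


def title_of(page):
    """Extract the raw (still escaped) title text from a rendered page."""
    match = re.search(r"<title>(.*?)</title>", page, re.S)
    return match.group(1) if match else ""


if __name__ == "__main__":
    # Constructed sample paths, not taken from the advisory's demo links.
    for sample in ("/ddm/fls/constructed%20sample%20text",
                   "/ddm/fls/%3Cb%3Esample%3C%2Fb%3E",
                   "/ddm/fls/activity-123"):
        status, fixed = render_fixed(sample)
        print(repr(title_of(render_reflecting(sample))), status, title_of(fixed))
```

The escaped handler matches the "sanitized" case in the response: markup arrives as inert entities, but free text still lands in the title. The fixed-title handler removes the reflection entirely.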

References:

https://issuetracker.google.com/issues/169154143
https://zone-d.org/attacker/id/2078



Copyright 2024, cxsecurity.com

 
