#############################################################
# Exploit Title: Google Groups - Public File Disclosure (Sensitive Info)
# Google Dork: site:googlegroups.com ext:txt "password:"
# Date: 2020-12-09
# Exploit Author: Gh05t666nero
# Team: IndoGhostSec
# Vendor: groups.google.com
# Software Version: *
# Software Link: N/A
# Tested on: Linux gh05t666nero 5.9.0-kali2-686-pae #1 SMP Debian 5.9.6-1kali1 (2020-11-11) i686 GNU/Linux
#############################################################
[*] Vuln Info:
==============
Google confirmed that this was an index configuration error which resulted in the leakage of files containing sensitive information such as usernames, passwords, server log records, etc. but Google considers this to be out of scope as in the report issue #174821762,
Google said:
"Thanks for your input. We think the issue might not be severe enough for us to track it as an abuse risk.
When we file an abuse risk bug to product teams, we impose monitoring and escalation processes for teams to follow, and the abuse risk described in this report does not meet the threshold that we would usually require for this type of escalations on behalf of our team.
To provide feedback about our products, you can also use our
Google Product Forums, where you can share your feedback with other users and our product team.
That said - if you think we misunderstood your report, and you see a well defined abuse risk, please let us know what we missed.
Regards,
Singh, Google Trust & Safety"
#############################################################
[*] Exploit:
============
/group/[GroupName]/attach/[UniqueCode]/[FileName.ext]
#############################################################
[*] Demo:
=========
https://0758a63b-a-62cb3a1a-s-sites.googlegroups.com/site/eduvinasco/assignments/actividadincapprogramacion/Instrucciones.txt
https://googlegroups.com/a/onosproject.org/group/onos-discuss/attach/209bc307d6be17/PingallExample.txt
#############################################################
[*] Contact:
============
# Website: www.anonsec.my.id
# Telegram: t.me/Gh05t666nero
# Instagram: instagram.com/ojan_cxs
# Twitter: twitter.com/Gh05t666nero1