My fist Google Hall of Fame
> By severus
ThaiDN asked me “Did you have any Google’s bug ?”. I replied “Oh, I have no any bug of Google…”.
I found domain
csquarednet.com and some sub domain such as:
chef… All of them will be redirected to
https://auth.csquarednet.com/. When I enter
https://auth.csquarednet.com/test, it’s redirected to
https://test.csquarednet.com. It seems to be open redirect problem if I can stripped
https://auth.csquarednet.com/test.com%0D%0A and then I follow url to
test.com. It’s vulnerable. Because it always returns 302, then I can only set cookie for sub domain…
Some other domains have the same problem. I submitted and asked Google “Did it have the same root cause ?”. Martin from Google confirmed it has same root cause and duplicated with previous report. Nice answer.
I contacted Google and received response quickly. The problem’s fixed now.
Thank you Google for Hall of Fame.
Credit: HoangDoan for non-technical advise.
- Motivation: some guys call me a loser when I have no bachelor’s degree
Tags: bug bounty security google