My fist Google Hall of Fame

> Published On September 26, 2016

> By severus


ThaiDN asked me “Did you have any Google’s bug ?”. I replied “Oh, I have no any bug of Google…”.

I found domain csquarednet.com and some sub domain such as: logging, auth, chef… All of them will be redirected to https://auth.csquarednet.com/. When I enter https://auth.csquarednet.com/test, it’s redirected to https://test.csquarednet.com. It seems to be open redirect problem if I can stripped .csquarednet.com.

I try https://auth.csquarednet.com/test.com%0D%0A and then I follow url to test.com. It’s vulnerable. Because it always returns 302, then I can only set cookie for sub domain…

Some other domains have the same problem. I submitted and asked Google “Did it have the same root cause ?”. Martin from Google confirmed it has same root cause and duplicated with previous report. Nice answer.

I contacted Google and received response quickly. The problem’s fixed now.

Thank you Google for Hall of Fame.

Credit: HoangDoan for non-technical advise.

  • Motivation: some guys call me a loser when I have no bachelor’s degree

Tags: bug bounty security google

Comments:

comments powered by Disqus

© 2018 - Security Researchers Team. All rights reserved
Built using Jekyll