News

Security company gains read access on Google server

By admin
Spread the love

Researchers at a Swedish security company have managed to gain read access to a Google production system. This allowed them to read all local files and possibly break into the Google network further.

In their attempt to break into a Google server, Detectify’s researchers sought an outdated piece of the search engine, where developers can submit their own buttons for the Google Toolbar. For this, among other things, XML code with style elements must be uploaded.

However, the Toolbar Button gallery’s xml parser failed to check which files were loaded from the xml file. As a result, the researchers could in principle read any file, including files with passwords. These were local passwords used for system administration, not user passwords.

Potentially, however, the researchers could have dug much further: they could have gathered knowledge of the internal Google network to access other servers on the network, for example. Potentially, the vulnerability that the researchers abused, a so-called XML external entity, also offers the possibility to execute own code or a denial of service.

Whether that was also possible in this case is not clear: the researchers chose to report the security problem to Google. In exchange, they received a reward of 10,000 dollars, converted approximately 7200 euros.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Brave sells web content as data for AI training

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

GitHub enables passwordless login via passkeys in beta