Ability to login as google staff in Google Cloud Community
-Gaurav Bhatia (Bug Hunter, CTF Player)
Summary:-
While using Google Cloud Community I saw that there was a feature of creating an account which we usually don’t see in any other google domains. I simply created an account for accessing the website as a normal user and to see the various functionalities. I started with creating a post and when the post got created I remembered that after creating an account i didn’t get any email verification mail nor there was any email verification after creating a post. It means that there is verification of email after creating an account. This bug doesn’t have a great impact on the organization so I thought to escalate it to increase the impact.
I came up with the idea of what if we get a google staff privilege? For this i tried to create an account with test@google.com and the account successfully created.
And as shown in the picture i got the google staff privileges which gives the permission of uploading videos and replying to any other users being an internal google staff.
Steps To Reproduce:-
- Go to https://www.googlecloudcommunity.com/gc/user/userregistrationpage?dest_url=https%3A%2F%2Fwww.googlecloudcommunity.com%2Fgc%2FGoogle-Cloud%2Fct-p%2Fgoogle-cloud
- Create a account with mail id (test@google.com)
- Account successfully created without any requirement of email verification
- Finally, Got the privilege of replying to any member being an internal google staff.
Attack Scenario(Impact):-
An attacker can login as internal google staff and can spread malicious URLs, files, etc. Also an attacker can spread rumors among the communities being an internal google staff which makes a negative impression of google in people’s mind.
Timeline:-
- 2022–02–24: Initial Report to Google VRP
- 2022–02–24: Issue Triaged
- 2022–03–09: Internal bug report filed
- 2022–03–25: VRP issued reward($100)