jayateertha guruprasad
Sep 15 · 1 min read

This is a low-hanging bug I discovered in Google. This blog is going to be short and to the point.

I followed the usual recon process. After enumerating subdomains, I selected one and tried to check for popular vulnerabilities: XSS, CSRF, SSRF and what not!

But I couldn’t find anything. Then I tried to see the features in the website. There was an option to EMBED any site in a report.

I embedded a site and watched the request through Burp Suite. I couldn’t believe my eyes: the private link of the document was passed as the Referer header to the EMBEDDED link.

referer leak

The impact was that a user could EMBED a website which he doesn’t own, but the website owner can get to know the user’s private link of the report by seeing his logs.
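How the browser decides what ends up in the embedded site's logs, as an added example (not code from the original post or from Google): it follows the W3C Referrer Policy rules to compute the Referer sent for a cross-origin embed and flags the policies under which a private link leaks. The URLs are constructed placeholders, the function names are hypothetical, and the downgrade check is simplified to https versus non-https.

```javascript
// Constructed sample values, not taken from the original report.
const PRIVATE_LINK = 'https://reports.example/reporting/PRIVATE-ID/page/1?s=TOKEN#edit';
const EMBED = 'https://third-party.example/widget';

// Strip credentials and fragment; optionally reduce to the bare origin.
function stripUrl(u, originOnly) {
  const url = new URL(u);
  url.username = '';
  url.password = '';
  url.hash = '';
  if (originOnly) { url.pathname = '/'; url.search = ''; }
  return url.href;
}

// Referer value (or null for "not sent") for a request from pageUrl to embedUrl.
function computeReferer(pageUrl, embedUrl, policy) {
  const page = new URL(pageUrl), embed = new URL(embedUrl);
  const sameOrigin = page.origin === embed.origin;
  const downgrade = page.protocol === 'https:' && embed.protocol !== 'https:';
  const full = stripUrl(pageUrl, false), origin = stripUrl(pageUrl, true);
  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;
    case 'origin': return origin;
    case 'same-origin': return sameOrigin ? full : null;
    case 'origin-when-cross-origin': return sameOrigin ? full : origin;
    case 'strict-origin': return downgrade ? null : origin;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    default: throw new Error('unknown policy: ' + policy);
  }
}

// True when the third party would see more than the bare origin.
function leaksPrivateLink(pageUrl, embedUrl, policy) {
  const ref = computeReferer(pageUrl, embedUrl, policy);
  return ref !== null && ref !== stripUrl(pageUrl, true);
}

for (const p of ['unsafe-url', 'no-referrer-when-downgrade',
                 'strict-origin-when-cross-origin', 'no-referrer']) {
  console.log(p.padEnd(32), String(computeReferer(PRIVATE_LINK, EMBED, p)),
              leaksPrivateLink(PRIVATE_LINK, EMBED, p) ? '<- LEAK' : '');
}
```

Sending `Referrer-Policy: strict-origin-when-cross-origin` or `no-referrer` on the page, or setting `referrerpolicy="no-referrer"` on the iframe, keeps the path and query string out of third-party logs.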

Reported the incident to Google VRP and received a reward of $$$.

Moral: So look for low-hanging bugs too. They may sometimes go unnoticed.

