This is a low hanging bug ,I discovered in Google ,This blog is going to be to short and to the point.

I followed the usual Recon process after enumerating subdomains ,

I selected tried to check for popular vulnerabilities XSS,CSRF,SSRF and What not!!!

But couldn’t find anything .Then I tried to see the features in the website.There was an option to EMBED any site in a report .

I embeded a site and watched the request through BURP suite,I couldn’t believe my eyes ,Private link of the document was passed as referer header to the EMBEDED link.

referer leak
referer leak

The impact was that ,A user could EMBED a website which he doesn’t own ,But the website owner can get to know the user’s private link of the report by seeing his logs.

Reported the incident to Google VRP ,and recieved reward of $$$.

Moral:So look for low hanging bugs too ,They may sometimes be unnoticed.


Written by

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store