January 31, 2014

True Tales About Vulnerabilities in Google Services

Story 1. The Little Content Type that Could

The vulnerability was found in Feedburner. First, I created a feed and tried to inject malicious data. No success there: the injected data just wouldn't show up, only harmless links were presented. I made a few more attempts and then found lots of messages from PodMedic. PodMedic examines the links in every feed. If it finds problems with a feed, it reports their cause. The messages read that the links were incorrect because the content type returned was a text type.
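The defect behind this story is a diagnostic tool that copies a header value it fetched from a third-party server straight into an HTML report. The following is an added example, not Feedburner's or PodMedic's code, showing the unsafe pattern beside a hardened version that validates the Content-Type as a media type and HTML-escapes what it displays; the URL, function names and the sample header values are constructed for illustration.

```python
import html
import re

# Token characters permitted in a media type's type and subtype (RFC 7231 "token").
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# type "/" subtype, optionally followed by ";" and parameters.
_MEDIA_TYPE_RE = re.compile(rf"^({_TOKEN})/({_TOKEN})\s*(;.*)?$", re.DOTALL)


def parse_media_type(header_value):
    """Return (type, subtype) for a syntactically valid media type, else None.

    Anything that is not a well-formed media type (markup, quotes, control
    characters) fails the regex and is rejected rather than passed through.
    """
    m = _MEDIA_TYPE_RE.match(header_value.strip())
    if not m:
        return None
    return m.group(1).lower(), m.group(2).lower()


def report_unsafe(url, content_type):
    """Vulnerable pattern: the remote server's header is reflected verbatim
    into the HTML report, so whatever that server sends becomes markup."""
    return f"<li>{url}: link rejected, content type was {content_type}</li>"


def report_safe(url, content_type):
    """Hardened pattern: only a validated type/subtype is displayed, and every
    untrusted value is HTML-escaped before it is placed into the report."""
    parsed = parse_media_type(content_type)
    shown = "an unparseable value" if parsed is None else html.escape("/".join(parsed))
    return f"<li>{html.escape(url, quote=True)}: link rejected, content type was {shown}</li>"


if __name__ == "__main__":
    # Constructed sample: a feed link whose server answers with a malformed header.
    link = "http://example.test/episode.mp3"
    for value in ("text/plain; charset=UTF-8", "text/plain<b>not a type</b>"):
        print("unsafe:", report_unsafe(link, value))
        print("safe:  ", report_safe(link, value))
```

The validation step matters as much as the escaping: escaping alone keeps the report safe, but rejecting values that are not media types also stops the tool from echoing arbitrary text into any other sink (logs, e-mail notifications) that the report might later feed.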

Hmm. Ok. I bet the content type is not filtered on this page. A simple script for my server:

; charset=UTF-8'); ?>

And here it is: