Indian pentester discovers a flaw in Google Drive

March 17, 2013  By Pierluigi Paganini


As usual I was reading the news on The Hacker New security portal when a post attracted my attention, another security issue related to an IT giant, Google. The Indian penetration tester Ansuman Samantaray discovered a security flaw in Google drive that exposes millions of Google users to threat of phishing attacks.

Too bad that Google has ignored the warning underestimating the risks and replying to the researcher that

“It is just a mare phishing attempt,not a bug in Google”

On December 20th Ansuman Samantaray reported JavaScript Script Execution vulnerability in Google Drive Files but Google Security Team rejected it the day after. The thesis exposed by the researcher is that the flaw could be exploited for phishing attack.

An attacker could exploit the mode Google Drive preview the documents in the browser, he may execute code contained is a doc files as HTML/JavaScript just by changing the value of a parameter called “export” in the URL.

Analyzing in detail the URL used to upload or create a file on Google Drive/Docs is possible to note the value “download” for the attribute “export” that alow user to download the document.

https://docs.google.com/uc?authuser=0&id=0B6mcoM7O55_jWXp2N2FvdHBVTTg&export=download

The Indian pentester  demonstrated that if an attacker changes “export” parameter to “view“, the malicious code written in the document file created is executed by the browser.

https://docs.google.com/uc?authuser=0&id=0B6mcoM7O55_jWXp2N2FvdHBVTTg&export=view

GoogleDocFlawTest

 

The researcher at THN also provided proof of flaw, they uploaded a file on Google Drive and using the attribute value download.

https://docs.google.com/uc?authuser=0&id=0B6mcoM7O55_jZnZnV1ZEZThqaDA&export=download

meanwhile following there is the same link using view value for the export attribute.

https://docs.google.com/uc?authuser=0&id=0B6mcoM7O55_jZnZnV1ZEZThqaDA&export=view

The document contains a JavaScript code that displays a fake authentication box that request to the user to insert the password to re-authenticate him to the view of the document.

FakeAuthBox

Once submitted the password the scripts intercept it in a log file and redirect the user to Google Drive homepage.

 

PWDList

The hacker news Team revealed that Google Security Team in not new to similar error of evaluation of possible, last week another Google Drive Clickjacking Flaw was refused by Google, that later extends to phishing attack.

Pierluigi Paganini

(Security Affairs – Hacking)



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

NIST - National Vulnerability Database website hacked

 The news is curious as it is worrying, unknown hackers have violated the US government repository of standards based vulnerability...