asd
HomeBug BountyStored XSS and SSRF in Google using Dataset Publishing Language

Stored XSS and SSRF in Google using Dataset Publishing Language

$18337 XSS and SSRF Google Dataset – In 2018  Security researcher [@signalchaos] uncovered critical vulnerabilities within Google’s Public Data Explorer, shedding light on of potential stored XSS attacks and SSRF exploits.

The Dataset Publishing Language (DSPL), a core component of the Explorer’s functionality, was identified as the focal point for these security concerns.

The vulnerability stems from the Google Public Data Explorer’s use of dataset metadata without implementing robust context-aware encoding or validation. Exploiting this flaw involves manipulating metadata values within a sample dataset, enabling threat actors to inject malicious JavaScript payloads.

Specifically, by altering the name value in the dataset.xml file, attackers could execute arbitrary JavaScript within the secure confines of www.google.com.

To emphasize the severity of the issue, a video proof-of-concept (POC) was provided, demonstrating the successful execution of a stored XSS attack on www.google.com (watch the video here1 or here2).

The process entails crafting Dataset Publishing Language bundles, subtly manipulating metadata, and then publicly sharing the compromised dataset.

 

Lead to SSRF (port scan)

Moreover, DSPL’s functionality, designed to fetch data from remote sources, introduced a secondary threat. The researcher identified that this feature, if exploited, could lead to SSRF attacks, enabling threat actors to access local services.

A crafted dataset.xml file exemplified this, attempting to retrieve data from ftp://0.0.0.0:22, which exposed the local SSH banner response—a service not publicly accessible.

 

USD 18000 Total Bounty for XSS and SSRF Google Dataset

The researcher responsibly disclosed these vulnerabilities to Google in January 2018. By February of the same year, Google verified and promptly addressed the reported issues. Recognizing the gravity of the flaws, Google’s Vulnerability Rewards Program (Google VRP) awarded the researcher $5000 for the stored XSS issue and an additional $13337 for the SSRF vulnerability.

This incident underscores the ongoing necessity for robust security measures in data visualization tools. Google’s proactive response reflects a commitment to fortifying the security of its Public Data Explorer, underscoring the broader industry’s continuous efforts to mitigate emerging cybersecurity threats. As digital landscapes evolve, vigilance and swift action remain paramount in safeguarding against potential exploits.

 

Link to read full write up: here

Save the PDF here

Christin
Christinhttps://secry.me/explore
A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

3 × two =

Most Popular

GOOGLE ADVERTISEMENT

- Advertisement -