How did it work?
A few of Google’s support forums (for instance, Webmaster Central)
allow users to embed external content in their posts. This content
includes links to external websites, search results, YouTube videos,
etc. When the post is actually submitted to the server, the URL of the
content is included in one of the POSTed fields, called
example looked like
The simplest example involved links to websites. By modifying the URL in
the example above, changing it from
requires user interaction like that is less than ideal.
The vulnerability mentioned here has been confirmed patched by the Google Security Team. I owe them a ton of thanks for organizing this program and giving me a chance to improve my skills.
Interested readers are encouraged to take a look at other vulnerabilities I’ve reported under Google’s Vulnerability Reward Program.