Monday, June 4, 2007

Google Files Left Unsecured

The Earl of Grey blog found an unprotected and already indexed Google URL – services.google.com:8882/urlconsole/controller, which now redirects to an “official” page – and was able to traverse an internal Google directory structure, as well as download a couple of files (some of which are now available publicly on other sites). The unprotected directory in question dealt with Google’s URL remover tool for webmasters. The files contained e.g. passwords of MySQL connections in a “Properties file for urlremover application”, references to internal Java libraries (like “com/google/common/EmailUtil”), database table structures, or internal program notes.

This security hole, which apparently was pretty serious (but didn’t contain your data – actual user data, that is) is plugged now, and The Hacker Webzine has screenshots along with more information for reference.

[Thanks TomHTML!]

Google Files Left Unsecur ... by Philipp Lenssen | Comments (10)

>> More posts

Advertisement