$36k Google App Engine RCE
https://updatesinfosec.blogspot.com/2018/05/36k-google-app-engine-rce.html
In Summary :
In early 2018 I got access to a non-production Google App Engine deployment environment, where I could use internal APIs, and it was considered Remote Code Execution due to the way Google works. Thanks to this I got a reward of $36,337 as part of the Google Vulnerability Rewards Program.

Some time ago, I noticed every Google App Engine (GAE) application replied to every HTTP request with an "X-Cloud-Trace-Context" header, so I assumed any website returning that header is probably running on GAE. Thanks to that, I learned "appengine.google.com" itself runs on GAE, but it can perform some actions that cannot be done anywhere else and that common user applications cannot perform, so I tried to discover how it was able to do those actions. Obviously, it has to make use of some API, interface or something only available to applications run by Google itself, but maybe there was a way to access them, and I looked for that [...]

Kindly refer to the following link as a follow-up:
https://ift.tt/2s2ZCWz
