Google Blogoscoped

Monday, June 4, 2007

Google Files Left Unsecured

The Earl of Grey blog found an unprotected and already indexed Google URL – services.google.com:8882/urlconsole/controller, which now redirects to an “official” page – and was able to traverse an internal Google directory structure, as well as download a couple of files (some of which are now available publicly on other sites). The unprotected directory in question dealt with Google’s URL remover tool for webmasters. The files contained e.g. passwords of MySQL connections in a “Properties file for urlremover application”, references to internal Java libraries (like “com/google/common/EmailUtil”), database table structures, or internal program notes.

This security hole, which apparently was pretty serious (but didn’t contain your data – actual user data, that is) is plugged now, and The Hacker Webzine has screenshots along with more information for reference.

[Thanks TomHTML!]

Google Files Left Unsecur ... by Philipp Lenssen | Comments (10)

>> More posts

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement (advertise here?) Find the right keywords for your campaigns at KeywordDiscovery.com Google Apps Hacks (book)
Google Me - The Movie

 

This site unofficially covers Google™ and more with some rights reserved. You can subscribe to the feed, email your tips (alternatively use the non-Gmail email), and join our forum!