Shulou(Shulou.com)05/31 Report--

This article introduces you to bypass restrictions on access to the Google internal management system example analysis, the content is very detailed, interested friends can refer to, hope to be helpful to you.

traces

One day, in the process of exploiting Google vulnerabilities, I found some IP addresses of Google's own services in the public vulnerabilities. At first, I really didn't know what these IP addresses could do.

I first checked these IP addresses and further found that they included some of Google's internal IP. It suddenly occurred to me that recently, my friend KL SREERAM reported a vulnerability related to Google's internal IP, and another friend Vishnu reported a vulnerability that used Google's domain name to access the control panel. Currently, both vulnerabilities have been fixed by Google, and the internal IP addresses associated with these two vulnerabilities are not accessible from the Internet.

But now that I have a few Google internal IP addresses in front of me, I have to find a way to see if I can bypass the restrictions.

A flash of light

As I was trying to figure out how to get around Google's security restrictions, I thought, "can you ask Google itself how to get around its own restrictions?" Hey, , Google it. So, I used Google to search for a lot of "ways to bypass Google IP restrictions," and an article with the path / blog/forum/comments revealed that we need to use Google Access Proxy, that is, Google's own access agent, to do this. Ah, it seems very difficult as an individual to have such an agent.

So, I continued to look for ah, at this time my room suddenly power outage, and my laptop did not plug in the battery, at this time my heart is simply 10,000 grass mud horses flying by. Hey, I will not give up, I will continue to find a way to achieve it!

I can only use my phone to continue Google. At this time, because I like to use Chrome, out of curiosity, I tried to open one of the IP,WTF in my phone's Google browser Chrome, and there was a login page for HTTP.

Without entering my login credentials, I just clicked on the LOGIN button on the page, which was so amazing that I jumped to a page with a lot of buttons and options. A minute later, I realized that this was a Google product management page. Yes, I was in Google's intranet, and I visited Google's internal product management page before I fully recovered.

The following is the Youtube satellite LVB management page of Youtube:

The following is the YouTube TV TV service management page:

Where hills bend, streams wind and the pathway seems to end

After a while, when the call came, I switched to a computer to open the IP address, but I couldn't open the login page on my phone at all. I'm a little dizzy. Why can it be on the phone but not on the computer?

Alas, I wrote a POC on my phone and submitted it to the Google security team as quickly as possible. Five hours later, I received a vulnerability confirmation response from Google, and they praised it as a great loophole. I was very happy that Google responded to my loophole rookie as far away as Trivandrum in India in Silicon Valley.

The Google security team would love to know what kind of IP or agent I used as a springboard to access its internal management system, but I was completely confused about it, so I wanted to do some more in-depth analysis.

Past dark willows and flowers in bloom lies another village

Two hours later, I found out why I got into Google's internal management system. The reason for all this is due to the mobile Chrome browser extension Data saver (Traffic Saving App), which is installed and enabled on my phone.

Google launched a fairly useful new extension "Data Saver" for Chrome browser in 2015, which, like the name, saves users the amount of data they use when browsing. This extension uses Google's data compression agent service to provide the browser with a traffic-optimized page for simple browsing. This feature of the mobile version of Chrome is directly embedded in the browser, and users only need to turn on the Data Saver function in the settings.

The whole process of accessing Google's internal system using the Data Saver plug-in is roughly as follows:

The agent in the middle of the image above is the Google data Compression Agent service used by the Data Saver plug-in, which helps me. Similarly, when I install the Chrome browser in my laptop and enable the Data Saver plug-in, I will be able to access Google's internal system. So that's the problem! In other words, anyone who installs and enables the Data Saver plug-in in the Chrome browser will be able to access the Google intranet.

So I responded to Google with this cause analysis. Soon, half an hour later, Google replied to me.

Loophole reward

This is the end of the sample analysis of bypassing restrictions on access to the Google internal management system. I hope the above content can be of some help and learn more. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.