
Open redirect on Google.com - nwcs
https://blog.nightwatchcybersecurity.com/advisory-open-redirect-on-google-com-8d6c18790016#.ximjtk3yr
======
deckar01
I discovered a vulnerability in Google Drive last year that allows bypassing
the content filter on uploaded files and Google refuses to acknowledge the
threat, because my proof of concept demonstrated an open redirect. It bypasses
the full content scan, which I later determined also allows me to serve fake
Google pages from a Google domain.

The bug allowed a malicious actor to share the file, which generated an email
from Google containing a link to Google that redirected to a payload containing
a Gmail worm.

I spent an entire weekend reverse engineering the attack and had to wait a
month for Google to respond saying they wouldn't fix it, because I mentioned
open redirect.

PoC:
[https://googledrive.com/host/0B8F0jrIiu66GbmFFaGpHOTJ5TUU](https://googledrive.com/host/0B8F0jrIiu66GbmFFaGpHOTJ5TUU)

