
Google pays bounty for discovery of core search algorithm exploit - randfish
https://searchengineland.com/hijacking-google-search-results-for-fun-not-profit-uk-seo-uncovers-xml-sitemap-exploit-in-google-search-console-295169/amp
======
will_critchlow
More technical details here: [http://www.tomanthony.co.uk/blog/google-xml-
sitemap-auth-byp...](http://www.tomanthony.co.uk/blog/google-xml-sitemap-auth-
bypass-black-hat-seo-bug-bounty/)

(Tom works at my company)

------
TomAnthony
(I'm the researcher in question).

This was the result of a lot of research over some weeks. A lot of people have
asked me whether I think this was being used in the wild.

On one hand - it was hard to find, but on the other hand it has probably
existed for years, so it is really hard to tell. It is quite worrying the
impact it could have been having if it was known.

