As a passionate bug bounty hunter, I always look for vulnerabilities in any application that I use regularly. Google Maps is a navigation product developed by Google which we use in our day-to-day routine to track real-time traffic conditions and for route planning. So, I started hunting for vulnerabilities in Google Maps.

After spending a full day, I was able to find an issue with Google Maps. YES! You heard it right 🙂 Found a CSRF issue in one of the most commonly used Google products. Yay!!!

Overall, it was a surreal experience.

Vulnerability Title: CSRF token missing at the change location request

Vulnerability Type: CSRF (Cross-site Request Forgery)

Pre-requisites

Google Accounts: Two accounts, one as an Attacker (UserA) & the other one as Victim (UserB)

Browser: Mozilla Firefox (Recommended) or any preferred browser of your choice

Tools: Burp Suite Pro

Steps to Reproduce:

1. Log in to your Google account as User A (Attacker) and navigate to this URL

2. At the bottom of the page, you will find the Home address and Work address fields (the vulnerable fields)

3. Turn on Burp Suite intercept and change the office address to ‘yourDesiredCountry’ as User A (Attacker)

4. Capture the request and create a CSRF PoC using Burp Suite Pro

5. Save the request as a ‘timeline.html’ file and send it to User B (Victim)

Issue:

When User B (Victim) clicks on the file, User B's default location is changed to the ‘yourDesiredCountry’ value set in Step 3 by User A (Attacker).

Impact:

Impact rating is High! An attacker can change any user’s home or work address. Most users stay signed in to their Google Accounts in their web browsers and mobile apps all the time. If the victim is attacked on the web, the change propagates to the mobile apps as well: the address is automatically changed in the Google Maps app.
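The server-side check whose absence makes a request like this forgeable, as an added example (not code from the original report or from Google): a session-bound CSRF token plus an Origin check on state-changing requests. The key, origin, field names and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values for this example; not taken from any real service.
SERVER_KEY = secrets.token_bytes(32)          # per-deployment secret
TRUSTED_ORIGIN = "https://maps.example.test"  # hypothetical site origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _mac(session_id: str, nonce: str) -> bytes:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; rendered into the form served to that user."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce).decode()}"


def token_is_valid(session_id: str, token: str) -> bool:
    nonce, sep, sig = token.partition(".")
    if not sep or not nonce or not sig:
        return False
    # Constant-time comparison of the recomputed MAC with the submitted one.
    return hmac.compare_digest(_mac(session_id, nonce),
                               sig.encode("utf-8", "replace"))


def check_request(method, headers, session_id, form):
    """Return (status, reason) for a request that arrived with a valid session cookie."""
    if method in SAFE_METHODS:
        return 200, "safe method"
    # Browsers attach Origin to cross-site POSTs; a page opened from a local
    # file has an opaque origin and sends the literal value "null".
    origin = headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403, "cross-origin request"
    # The session cookie alone is not proof of intent: require the token too.
    if not token_is_valid(session_id, form.get("csrf_token", "")):
        return 403, "missing or invalid CSRF token"
    return 200, "address updated"
```

Because the token is derived from the session identifier, a token captured in one account's own request is rejected when it arrives with another account's session.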

Google’s VRP:

As part of Google’s Vulnerability Reward Program, the panel has decided to issue a reward of $1337 for this report!

At the end of the day, I was very happy to receive a reward from Google.

Looking forward to sharing my bug bounty hunts in the future. Stay tuned!
