Thursday, August 10, 2017

Highschooler wins $10K for easily spoofing Google server to leak private data


It turns out that scooping a juicy bug bounty reward from Google is as easy as tampering with its host header – or at least this is what one crafty Uruguayan highschooler with cybersecurity ambitions did to pull it off. The Big G has rewarded Ezequiel Pereira with a $10,000 bug bounty after the independent security researcher came across a vulnerability that allowed coaxing one of the company’s back-end servers into granting attackers access to confidential data. Aimlessly toying around with some Google services, the resourceful highschool researcher discovered that using popular vulnerability scanner Burp Suite to modify the host header…

This story continues at The Next Web

Or just read more coverage about: Google

No comments:

Post a Comment