6. February 2022

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Implementation flaws in Google Drive integrations created server-side request forgery (SSRF) vulnerabilities in various applications, say cybersecurity experts. The affected applications include Dropbox’s HelloSign, a digital signature platform; however, the latest SSRF was achieved through CRLF and request pipelining in other, unnamed applications, says bug bounty hunter Harsh Jaiswal. Jaiswal won a bounty reward of $17,576 for a basic but important SSRF associated with HelloSign’s Google Drive Docs export feature.

By adding an extra parameter to the Google Drive API request, it was possible to compel HelloSign to parse external JSON data, which leads to an SSRF attack. Dropbox has updated the parser so that it makes the request securely, mitigating the flaw.

The implementation issues surfaced in integrations that retrieved files from the Google Drive API on the server side. To explain the issue, Jaiswal laid out a scenario in which an app fetches and renders an image file from Google Drive in a way that lets attackers control the HTTP requests made to Google APIs through the file ID. A user can perform a path traversal and add query parameters.

The Daily Swig reports: “Jaiswal began the research in 2019 after speculating that he might be able to get an open redirect on Google APIs, but this turned out to be unviable. However, he found another route to SSRF. Because the alt=media parameter served the entire file rather than the JSON object, when the application parsed the JSON and extracted downloadUrl, attackers could gain control over downloadUrl.” A payload consisting of a malicious JSON element

[…]
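One way an integration can close both gaps described above, the user-controlled file ID and the trusted downloadUrl, shown as an added example that is not code from the original article, Dropbox or Google. The endpoint base, the file ID pattern and the allowed download hosts are assumptions to adapt to the API version in use.

```python
import re
from urllib.parse import quote, urlsplit

# Assumption: Drive v2 metadata endpoint; adjust to the API version in use.
DRIVE_FILES_BASE = "https://www.googleapis.com/drive/v2/files/"
# Assumption: file IDs consist only of URL-safe base64 characters.
FILE_ID_RE = re.compile(r"[A-Za-z0-9_-]{10,128}")
# Assumption: hosts a genuine downloadUrl is expected to point at.
ALLOWED_DOWNLOAD_SUFFIXES = (".googleusercontent.com", ".googleapis.com")


def build_metadata_url(file_id: str) -> str:
    """Return the metadata URL for file_id, or raise ValueError.

    Rejecting anything outside the ID alphabet stops '/', '.', '?', '&',
    '#' and '%' from reshaping the path or adding query parameters.
    """
    if not isinstance(file_id, str) or not FILE_ID_RE.fullmatch(file_id):
        raise ValueError("invalid Drive file ID")
    # quote() is defence in depth; a valid ID needs no escaping.
    return DRIVE_FILES_BASE + quote(file_id, safe="")


def check_download_url(url: str) -> str:
    """Return url if it is HTTPS on an allowed host, else raise ValueError."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or parts.username or parts.password:
        raise ValueError("downloadUrl must be plain https without userinfo")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port in downloadUrl")
    if not host.endswith(ALLOWED_DOWNLOAD_SUFFIXES):
        raise ValueError("downloadUrl host not allowed")
    return url


def extract_download_url(metadata: dict) -> str:
    """Validate parsed metadata before anything fetches its downloadUrl."""
    url = metadata.get("downloadUrl") if isinstance(metadata, dict) else None
    if not isinstance(url, str):
        raise ValueError("metadata has no downloadUrl")
    return check_download_url(url)
```

The host allowlist matters even with strict ID validation, because it keeps the server from following a downloadUrl taken from JSON that did not originate from the API's metadata object.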
