Researchers Rewarded $10,000 for Reporting XXE Vulnerability in Google
Researchers have found a critical XXE vulnerability that let them access internal files on Google’s production servers. It sounds surprising, but the bug really was found by hackers, and it let them read any internal file.
This vulnerability is known as “XML External Entity (XXE)” or “XML Injection”. The researchers crafted their own buttons, and by uploading them they gained access to internal files on Google’s production server; for example, they managed to read “/etc/passwd” and “/etc/hosts”.
The team of researchers reported the vulnerability to Google, which, as we all know, has a famous bug bounty program. After they reported the XXE vulnerability, Google rewarded the researchers with $10,000 for identifying the bug in the search engine’s feature.
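A defensive check for the kind of XML upload described above, as an added example that is not code from Google or from the original post: it rejects any uploaded document that declares a DOCTYPE or entity before a parser could resolve an external reference. The `<button>` schema, the function names and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when an upload uses DTD features that enable XXE."""


def element_names(data: bytes) -> list:
    """Parse untrusted XML and return element names in document order.

    Any DOCTYPE, entity declaration or external entity reference aborts
    parsing before the parser could resolve it.
    """
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise ForbiddenXML("DOCTYPE declaration not allowed: %r" % name)

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        raise ForbiddenXML("entity declaration not allowed: %r" % name)

    def on_external_ref(context, base, system_id, public_id):
        raise ForbiddenXML("external entity reference not allowed: %r" % system_id)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def check_upload(data: bytes):
    """Return (accepted, detail) for an uploaded XML document."""
    try:
        return True, element_names(data)
    except ForbiddenXML as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, "malformed XML: %s" % exc


# Constructed samples; the <button> schema and the file path are placeholders.
SAMPLE_BENIGN = b"<button><title>Search</title></button>"
SAMPLE_WITH_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE button [<!ENTITY x SYSTEM "file:///placeholder/constructed.txt">]>'
    b"<button><title>&x;</title></button>"
)
```

Rejecting the DOCTYPE outright, rather than trying to filter individual entities, also covers parameter entities and external DTD subsets.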
The post Researchers got Rewarded by $10,000 for Reporting XXE Vulnerability in Google appeared first on Am I Hacker Proof.