Comments on: Into the Borg – SSRF inside Google production network
Open mind Security and Crypto!
Fri, 30 Jul 2021 20:07:09 +0000

By: Benjamin Amywarach (Sun, 03 May 2020 16:16:53 +0000)

Great find. New to looking for bugs, initially was focused on information leakage in Google subdomains, but your blog has taught me to go deeper into the app.

Thanks!
👏👏☕

By: Jon DeGeorge (Thu, 22 Nov 2018 03:57:46 +0000)

The “cafe” task on the Borglet page stands for Content Ads Front End, the component of the Google Ads network that displays ads on participating websites.
The “apps-upload” task is many Google-wide upload dialogs (e.g. the Gmail photo upload and profile picture upload boxes).
You mentioned that you saw nothing that said sites. “jotspot” is the original name for classic Google Sites, and “atari” is the codename for New Google Sites.

By: concerned (Sat, 21 Jul 2018 22:25:06 +0000)

The Joe Ovez link URL links to a malicious site. Please sanitize.

By: Engue Gillier (Sat, 21 Jul 2018 00:40:26 +0000)
In reply to MJ.

I see, interesting conversations out there!

By: MJ (Fri, 20 Jul 2018 23:31:18 +0000)
In reply to Engue Gillier.

FYI – the above post is from a spammer that has copied tptacek’s top comment on the HN article: https://news.ycombinator.com/item?id=17576720

By: Engue Gillier (Fri, 20 Jul 2018 21:59:01 +0000)
In reply to Joe Ovez.

Thanks!
You’re right, disclosure should be done responsibly. I believe I didn’t disclose any sensitive information, my post is just informative, with a little bit of humor that might not be understood by everybody 😛
My intent is to show that there is no magic behind this, it’s just engineering, and it’s beautiful when it’s well done!

By: Joe Ovez (Fri, 20 Jul 2018 20:48:36 +0000)

This is a great find. SSRF is a really unappreciated vulnerability; it is usually game-over. That it came from a Caja audit adds some tasty irony.

A friendly word of advice: when you find flaws like this (you, the reader, not you, the guy who wrote this post), think carefully before disclosing internal network details you discover like this writer did. The internal details of a target network don’t become public domain simply because you found a vulnerability. There are firms that get extremely itchy about this kind of stuff getting published, and I can’t blame them.
