david wong

Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

How we got read access on Google’s production servers

posted April 2014

The team at Detectify found a way to access files on one of google's production server. Thanks to an old google product (google toolbar) that was using a poorly secured XML parser.

They just used a simple XXE attack where they uploaded a poisoned xml files and saw what the application printed back

a xxe looks like this:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [  
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>

More on their blog

Well done! You've reached the end of my post. Now you can leave me a comment :)