Parameter Tampering on Google Jobs

Posted: October 15, 2013 in google vulnerability

This is a vulnerability on the Google Jobs page.

Severity-wise, this vulnerability can be used as a sad joke and nothing else; no harm done! 😛

If this were a banking or stock-related website, the severity of such a vulnerability would be different.

Anyway, back to the vulnerability. It allows tampering with the ‘job’ parameter in the URL. Once you change the parameter’s value, you’ll notice that the job you are applying to also changes!

PoC:

Try changing the value of the ‘job’ parameter and you will notice that the job you are applying to changes. The value is not validated when you fill out the form and submit it! So now you can apply for any job, even one that isn’t listed on the Google Jobs page 😀

Happy job hunting 😀

Here is an image of the job I’m trying to apply to (FOOD JUNKIE!) 😛

[Image: GOO2]

This vulnerability was reported to Google, but since the severity was not ‘High’ and it was not affecting any Google customers, it didn’t qualify for a bug bounty.
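
A server-side check that would close this gap, as an added example (not code from this post or from Google): the handler takes the job title from its own list of open positions instead of the URL, and binds the chosen job to the issued form with an HMAC so the value cannot be swapped before submission. The job IDs, titles, key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the post does not show the site's real job IDs.
OPEN_JOBS = {"1001": "Software Engineer", "1002": "Site Reliability Engineer"}
SECRET = b"demo-key-load-from-secret-store"  # assumption: server-side secret


def _tag(job_id: str, session_id: str) -> str:
    """HMAC that binds a job ID to the session the form was issued to."""
    msg = f"{session_id}|{job_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def render_form(job_param: str, session_id: str) -> dict:
    """GET handler: the title comes from the server's list, never the URL."""
    title = OPEN_JOBS.get(job_param)
    if title is None:
        return {"status": 404, "error": "unknown job"}
    return {"status": 200, "job": job_param, "title": title,
            "token": _tag(job_param, session_id)}


def submit_application(form: dict, session_id: str) -> dict:
    """POST handler: re-validate the job; trust nothing sent by the client."""
    job_id = str(form.get("job", ""))
    if job_id not in OPEN_JOBS:
        return {"status": 400, "error": "job is not an open listing"}
    expected = _tag(job_id, session_id).encode()
    supplied = str(form.get("token", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return {"status": 400, "error": "job does not match the issued form"}
    return {"status": 200, "applied_to": OPEN_JOBS[job_id]}


if __name__ == "__main__":
    issued = render_form("1001", "session-a")
    print(submit_application({"job": "1001", "token": issued["token"]}, "session-a"))
    # Tampered value, as in the post: a job that is not listed at all.
    print(submit_application({"job": "Food Junkie", "token": issued["token"]}, "session-a"))
```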
