Archive for the ‘google vulnerability’ Category

This is a vulnerability on google jobs page.

Severity wise this vulnerability can be used as a sad joke and nothing else, no harm done ! 😛

If this was some banking website or a stock related website, the severity posed by such vulnerability would be different.

Anyways back to the vulnerability. This vulnerability allows tampering the parameter ‘job‘ in the URL. Once you change the parameter’s value

you’ll notice that the job you are applying to will also change!

PoC:

Try changing the value for the ‘job’ parameter and you will notice the job you are applying to changes. There is no validation for the same if you fill-out

the form and submit it! So now you can apply for any job that isn’t even listed on google jobs page 😀

Happy job hunting 😀

Here is an image of the job I’m trying to apply to (FOOD JUNKIE !) 😛

GOO2

This vulnerability was reported to google but since the severity was not ‘High’ and neither was affecting any google customers, it didn’t qualify for a bug bounty.