One of the best examples of Human spirit & Inclusive Society.... Free spirites Children in every field are better teachers...... #SaturdayMorning #togetherwehitharder #togetherstronger #differentlyabledsuperhumans #teaching https://www.instagram.com/p/B6nr4bhlxfQ/?igshid=1w0hqm75kjibz

#RodElliott #RedShaman #RaiseTheBar #togetherwehitharder #TheSqueeze #TheBlandRule https://www.instagram.com/p/B4-RmMRn9Ei/?igshid=1r856b5aegvdk

. . . . . #mondaythoughts #MondayMotivaton #TogetherWeCan #togetherwehitharder #snowflakes https://www.instagram.com/p/B2xJqknB06C/?igshid=14txmfdx3vghf

We are cooking something for you guys!!! Don't miss the opening of a solo art exhibition by @olivierkwitonda_arts @thehutrwanda on Friday June 30,2017 at 6:00pm to 10:00pm!!! #artexhibition #livemusic #talents #togetherwego #togetherwehitharder #art #contemporaryart #rwandanart #africanart @officialvieews @myafrikart @theafricangallery #my250 #livinginkigali #rwandalicious @ismaelngarambe let's go and burn the stage bro!!! (at Kwitonda_arts)

I got emails - G Suite Vulnerability

After recent finding about Uber and SendGrid bug, I decided to check other third party applications that were also used for similar cases. During the investigation, some third party applications were found to be vulnerable including G Suite.

The initial research of this vulnerability started when investigating a vulnerability on whatsapp.net. It was interesting to see that whatsapp.net had its DNS in following manners (Image attached)

Based on this we can see that the MX setup is through Google specifically through G Suite.

Next, I went to G Suite signup page, and then signed up for the domain which created email id [email protected]. At first, this did not bring any security risk because for G Suite to properly work, a domain ownership verification is required so going to gmail.com would show the following screen.

This shows that without domain verification nothing could be done. However when looking up how forwarding and routing was done with G Suite I found this document by Google: https://support.google.com/a/answer/2368153?hl=en

This stated that one could set a routing by using the Default Routing tab in Gmail Advanced settings located at  G Suite. This should still require domain verification. However, it did not.

It did not take much work after that to set the route in the following manners:

Next, I decided to send a test email to [email protected] which then arrived to my private email. Once that was verified to work I submitted the report to Facebook Security team through https://facebook.com/whitehat. Facebook fixed it in about 4 days of the report being sent.

Next, I found similar issue on Yelp through their yelp-support.com domain. Once I found the vulnerability on Yelp I realized this could be more wide spread than I had originally thought so I reached out to Google security team and reported it to their team as well.

In about 1 day of my report, Google fixed the issue from their side so now when trying to use Gmail’s advanced settings without verification domains will give the following alert:

“We are unable to process your request at this time. Please try again later. (Error #1310)” 

In the end, this vulnerability was fixed by Facebook, Google and Yelp  by January 31, 2017. 

Thanks to Google, Facebook and Yelp for the generous bounty amount.

Blog post by: uranium238

RT @lukerodgers90: Well this was a nice surprise to wake up to. I was awarded a $7,500 bounty on @Hacker0x01. Thanks #magento! I'll see if I can post details when it's patched. https://t.co/1xOvtQ1kUz #TogetherWeHitHarder #bugbounty #Hack https://t.co/BOBxdJnCfN

Well this was a nice surprise to wake up to. I was awarded a $7,500 bounty on @Hacker0x01. Thanks #magento! I'll see if I can post details when it's patched.https://t.co/1xOvtQ1kUz #TogetherWeHitHarder #bugbounty #Hack pic.twitter.com/BOBxdJnCfN

— Luke Rodgers (@lukerodgers90) March 31, 2019

from Twitter https://twitter.com/fbeardev

#RodElliott #RedShaman #RaiseTheBar #togetherwehitharder #TheSqueeze #TheBlandRule (at Town of Smiths Falls) https://www.instagram.com/p/B47wj5fnSVF/?igshid=jdtsogok14fs

https://youtu.be/g4KVcV_rMwY #RaiseTheBar #RodElliott #RedShaman #togetherwehitharder (at Smiths Falls, Ontario) https://www.instagram.com/p/B0nYTaqnWz2/?igshid=1mhj7e2f0oxfe

https://youtu.be/h1mRkzTOuzk #TheSqueeze #TheBlandRule #togetherwehitharder (at Smiths Falls, Ontario) https://www.instagram.com/p/B0nfC7IHFLZ/?igshid=es4zy8f8q12c

https://youtu.be/2uFNfBGC72Q #Blink #thetippingpoint #whatthedogsaw #RedShaman #RodElliott #RaiseTheBar #legacy #togetherwehitharder (at Smiths Falls, Ontario) https://www.instagram.com/p/B0e_F3CHzZH/?igshid=1ijfjz4d4gvnf