Categories: Malware & hacked sites :

security issue: Google lets you search for credit cards by using hex numbers

Showing 1-2 of 2 messages
security issue: Google lets you search for credit cards by using hex numbers bennetthaselton2012 11/14/13 10:30 PM
This is a security issue that I'm trying to bring to the attention of a Google employee.  I'm not sure if it fits under "malware", but I couldn't find a better place to post it.  The original discoverer already emailed secu...@google.com twice and says he received no response.
 
Google currently attempts to block users from searching for number ranges that match credit card numbers.  For example if you try searching for
4060000000000000..4060999999999999
on Google, you get an error page saying "Our systems have detected unusual traffic from your computer network. Please try your request again later."
 
This makes sense.  However the security hole is that you can circumvent this restriction by searching for hex number ranges:
0xe6c8c69c9c000..0xe6d753e6ecfff
If you do this, Google obligingly brings up several pages containing credit card numbers (hopefully most of which have been deactivated).
 
The original discoverer posted about this trick here:
 
Can we get confirmation from someone at Google that they're aware of this issue, regardless of what they decide to do about it?
 
Thanks!
 
Bennett
Re: security issue: Google lets you search for credit cards by using hex numbers bennetthaselton2012 11/26/13 12:30 AM
This problem has been fixed.  If you try to search for credit card numbers by using hex numbers:
 
you get a blockpage saying "Our systems have detected unusual traffic from your computer network" etc. 
 
Bennett