|security issue: Google lets you search for credit cards by using hex numbers||bennetthaselton2012||11/14/13 10:30 PM|
This is a security issue that I'm trying to bring to the attention of a Google employee. I'm not sure if it fits under "malware", but I couldn't find a better place to post it. The original discoverer already emailed secu...@google.com twice and says he received no response.
Google currently attempts to block users from searching for number ranges that match credit card numbers. For example if you try searching for
on Google, you get an error page saying "Our systems have detected unusual traffic from your computer network. Please try your request again later."
This makes sense. However the security hole is that you can circumvent this restriction by searching for hex number ranges:
If you do this, Google obligingly brings up several pages containing credit card numbers (hopefully most of which have been deactivated).
The original discoverer posted about this trick here:
Can we get confirmation from someone at Google that they're aware of this issue, regardless of what they decide to do about it?
|Re: security issue: Google lets you search for credit cards by using hex numbers||bennetthaselton2012||11/26/13 12:30 AM|
This problem has been fixed. If you try to search for credit card numbers by using hex numbers:
you get a blockpage saying "Our systems have detected unusual traffic from your computer network" etc.