Bug bounty
by Gopal Singh
I bypassed “How I hacked Google’s bug tracking system itself for $15,600 in bounties.” Here’s how.
Hello Everyone!
I was reading some write-ups, and I came across this bug which I liked: “Getting a Google employee account.” It was a nice find by Alex Birsan. I started testing the issue tracker, and I was trying to see if I could get a Google account. Then, looking around in the issue tracker, I noticed in the browse components there were two public issue trackers. So I clicked on Android Public Tracker.
I could see bugs reported to Android there. To report a bug in the Android public issue tracker, you can send an email to:
buganizer-system+componentID@google.com
where Android’s component ID is 190923.
I could see that my issue got listed in the public issue tracker. I got a confirmation email from buganizersystem+my_email@google.com. A reply to this email would be directed to:
buganizer-system+componentID+issueID@google.com
I responded to that email, and a comment was posted in the conversation. I could add a Google email to see if I could get a confirmation code. To test this I clicked on Forwarding and POP/IMAP in Gmail settings and added the Google email to the forwarding email address. I was surprised to see I got a confirmation code in the Android public issue tracker.
There are two parts here to get a Google account: signup and verification. I could verify a Google account, but I could not sign up for an @google.com account, so my report was closed as Won’t Fix. I almost gave up, because after the initial fix I could not use my google.com email. But I decided to give it one last try.
Then I started visiting every sub-domain of Google to see if I could use a google.com email to sign up. This new signup page appeared (see below). Initially, I could not find “Use my current email address instead” to get it to go to https://partnerissuetracker.corp.google.com/. Then you would click on Create an account, and you could see there was an option to use your current email address.
My heart rate increased after seeing the new signup page. I began to sign up using the buganizer-system+componentID+issueID@google.com email and then it asked me to verify by entering the code.
Verify your email address
I was waiting for the verification code in the conversation, and then I received the verification code in the email and the conversation in the issue tracker.
After successfully signing up for the Google Account, I reopened the issue. The impact here was that you can access https://google.ridecell.com which requires a Google account. Besides this, I tried to upgrade my account to Gmail now as I had a Google account. I added it to my Gmail, and I was able to send an email from buganizer-system+componentID+issueID@google.com.
If you try to spoof a google.com email, your mail will land in spam. But my email appeared in the inbox, and it was from @google.com, so an attacker could pretend that they were a Google employee.
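A defensive sketch of two controls this bug points at, added here as an example and not taken from the original post or from Google's code: the signup side refuses to treat a tracker ingestion mailbox as an account address, and the tracker side holds back automated verification mail instead of posting it as a public comment. The patterns, function names and sample messages are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed policy patterns for this sketch; the mailbox format is the one in the write-up.
INGEST_LOCAL = re.compile(r"^buganizer-system(\+\d+){1,2}$", re.I)
AUTO_SENDER = re.compile(r"^(no-?reply|.*-noreply|mailer-daemon|postmaster)$", re.I)
CODE_HINT = re.compile(r"\b(verification|confirmation)\s+code\b|\bverify your email\b", re.I)

def is_ingestion_address(address):
    """Signup side: True for tracker mailboxes, which must never own an account."""
    local = parseaddr(address)[1].partition("@")[0]
    return bool(INGEST_LOCAL.match(local))

def publish_decision(raw_message):
    """Tracker side: (publish?, reason) for mail that would become a public comment."""
    msg = message_from_string(raw_message)
    sender_local = parseaddr(msg.get("From", ""))[1].partition("@")[0]
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "auto-submitted mail (RFC 3834)"
    if AUTO_SENDER.match(sender_local):
        return False, "automated sender"
    # Text of every non-multipart part; transfer encodings are not decoded in this sketch.
    body = "\n".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    if CODE_HINT.search(msg.get("Subject", "") + "\n" + body):
        return False, "looks like an account verification message"
    return True, "ok"

# Constructed sample messages; issue ID 1234567 and the example.com senders are made up.
VERIFY_MAIL = (
    "From: Accounts <accounts-noreply@example.com>\n"
    "To: buganizer-system+190923+1234567@google.com\n"
    "Subject: Verify your email address\n"
    "Auto-Submitted: auto-generated\n\n"
    "Your verification code is 482913.\n"
)
HUMAN_REPLY = (
    "From: Reporter <reporter@example.com>\n"
    "To: buganizer-system+190923+1234567@google.com\n"
    "Subject: Re: Crash on rotate\n\n"
    "Still reproduces on the latest build.\n"
)

if __name__ == "__main__":
    for name, raw in (("verify", VERIFY_MAIL), ("reply", HUMAN_REPLY)):
        print(name, publish_decision(raw))
```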
Nice catch!
It was 9:50 PM when I was looking for bugs, and finally, the most awaited email arrived: I was getting $3133.70. I could not sleep the whole night.
Thanks to Alex Birsan — this would not have been possible without his write-up. I learned a lot from reading his write-up. Also, thanks to Avinash Jain and Alex Birsan for taking the time to review the draft.
Thanks for reading!
Gopal Singh (https://twitter.com/gopalsinghcse)