Unauthorized Admin Account Access via Google Authentication

Sahil Mehra
2 min read · Apr 13, 2024


In this blog we will talk about a weakness that enables an attacker to gain access to admin accounts through Google Authentication. This incident underlines the importance of disclosure and of taking proactive steps to ensure security. In this post we will walk through the situation involving the bug and its possible implications.

Bug Scenario

During my security testing I came across a vulnerability in the Google authentication process that could potentially provide access to an administrator account. The main cause of this problem was a parameter called “auth[email]” in the authorization request that went unnoticed, which gave me access to the admin account of redacted.com.

This is what the HTTP request that exposes the flaw looks like. By exploiting this parameter, I was able to gain unauthorized access to sensitive areas of the website.

POST /oauths
Host: redacted.com

auth[email]=attacker@example.com&auth[first_name]=first_name&auth[last_name]=last_name&auth[id]=ID&auth[provider]=google

Because the server accepts the value of “auth[email]” as the identity of the signed-in user without checking it against the Google account that actually authenticated, an attacker could easily manipulate this parameter to gain unauthorized access to the admin account or to other company staff accounts.
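To make the root cause concrete from the defender's side, here is an added example (not code from the original post or from redacted.com) that contrasts a callback handler which trusts the client-supplied auth[email] with one that derives identity only from claims the server has itself verified with the provider. The USERS table, the google_sub binding, the verified_claims structure and all function names are assumptions made for the illustration; verified_claims stands in for the payload of an ID token the server obtained from Google and validated (signature, issuer, audience, expiry) before this code runs.

```python
from typing import Optional
from urllib.parse import parse_qs

# Constructed stand-in for the site's user table. The vulnerable handler
# keys the session purely on the email string it receives, which is exactly
# the problem described above.
USERS = {
    "info@redacted.com": {"role": "admin", "google_sub": "admin-sub-111"},
    "attacker@example.com": {"role": "user", "google_sub": "ID"},
}


def parse_oauth_form(body: str) -> dict:
    """Parse the form-encoded body of the /oauths callback into a flat dict."""
    parsed = parse_qs(body, keep_blank_values=True)
    return {key: values[0] for key, values in parsed.items()}


def login_vulnerable(body: str) -> Optional[dict]:
    """Before: the session identity is whatever the client put in auth[email].

    Nothing ties auth[email] to the Google account that actually signed in,
    so editing the intercepted request is enough to become any known user.
    """
    form = parse_oauth_form(body)
    email = form.get("auth[email]", "")
    if form.get("auth[provider]") != "google" or not email:
        return None
    user = USERS.get(email)
    if user is None:
        return None
    return {"email": email, "role": user["role"]}


def login_hardened(body: str, verified_claims: dict) -> Optional[dict]:
    """After: identity comes only from claims the server verified with Google.

    The auth[email] / auth[id] fields in the body are never used to pick the
    account. The user must also be bound to the provider subject (sub), so
    an email collision or a later email change at the provider cannot be
    used to hop between local accounts.
    """
    form = parse_oauth_form(body)
    if form.get("auth[provider]") != "google":
        return None
    if not verified_claims.get("email_verified"):
        return None
    email = verified_claims.get("email", "")
    sub = verified_claims.get("sub", "")
    user = USERS.get(email)
    if user is None or user["google_sub"] != sub:
        return None
    return {"email": email, "role": user["role"]}


def client_claims_mismatch(body: str, verified_claims: dict) -> bool:
    """Detection hook: True when the client-supplied email or id disagrees
    with the verified claims. Logging and alerting on this condition gives
    visibility into tampering attempts even after the handler is fixed."""
    form = parse_oauth_form(body)
    return (form.get("auth[email]") != verified_claims.get("email")
            or form.get("auth[id]") != verified_claims.get("sub"))


if __name__ == "__main__":
    # Constructed request body: the attacker's own Google sign-in, with
    # auth[email] rewritten to the admin address.
    tampered = ("auth[email]=info@redacted.com&auth[first_name]=first_name"
                "&auth[last_name]=last_name&auth[id]=ID&auth[provider]=google")
    # Constructed claims the server actually verified for this sign-in.
    claims = {"sub": "ID", "email": "attacker@example.com", "email_verified": True}
    print("vulnerable:", login_vulnerable(tampered))
    print("hardened:  ", login_hardened(tampered, claims))
    print("mismatch:  ", client_claims_mismatch(tampered, claims))
```

The vulnerable path returns an admin session for the tampered body; the hardened path returns the attacker's own low-privilege session, and the mismatch check flags the request for the SOC regardless of which handler is deployed.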

Steps to Reproduce

  1. Navigate to “https://www.redacted.com/register”.
  2. Initiate Google Authentication by clicking on “Sign in With Google”.
  3. Intercept the authorization request.
  4. Once you receive the request with the URL “https://www.redacted.com/oauths”, make a modification to the parameter “auth[email]”. Change it from your email address to info@redacted.com or any other official email address associated with your company.
  5. After making this change, simply forward the request. You will gain access to the admin account.

Impact

  1. Unauthorized access to admin accounts may lead to data breaches, exposing sensitive and confidential information.
  2. Attackers have the potential to make changes to system configurations, which could disrupt services or introduce vulnerabilities.
  3. A compromised admin account can harm an organization’s reputation and erode trust among users, customers, and partners.
  4. Significant financial losses can occur as a consequence of downtime, legal penalties and data loss.

Proof of Concept

Proof of Concept Video

Special thanks to sechunt3r ( Brother )

Written by Sahil Mehra

Penetration Tester | Programmer
