Google Drive Information Leak

Categories: Security, tech

Google Drive & Gmail attachments Leak

This part of Google bounty program

[IDOR] exploit to allow the attacker to leak your Google Drive files

and this mean attacker could leak Gmail attachments that uploaded to Google Drive, Photos you shared with Gmail or any other third party

here is the none technical product flow

you go to google drive  and upload a file  then u decided to share it with, Google will generate a hash of 28 char for the uploaded file and include this hash in the email u send it to


the exploit reproduction steps : and login
2.intercept traffic to POST
3.replace docId parameter with any docId
4.api will respond u with documents list of the targeted dockId and hashes !!!


docId is kinda unique Id for each google drive account

example of ids

as you notice it all starts with 0A  and ends Uk9PVA there is kind of sequence here and it easy to be brute-forced

the malformed  request


google drive will respond with a JSON file contents the files shared via your account

example of respond


as you notice here


0B7WXP883E9vbX1CBZWtaemtPNXM anyone with this hash could access this file 20140121_130143.jpg

you will be able to access this file via this link

exploit report at Apr 22 2015
exploit fixed at Apr 30 2015
docId hash improved May 7 2015


with 3133.7 $ bounty


Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.