
Hi, I'm Rivek Raj Tamang (RivuDon), a Security Researcher, Bug Hunter, and Ethical Hacker with a Master's in Cybersecurity, and a Certified Ethical Hacker from Sikkim, India. I have secured many companies and received bounties, numerous Hall of Fame mentions, Letters of Appreciation / Recognition, 6 CVEs and more.

Feel free to connect with me! You can find out more about me on my LinkedIn, I am active there.

Hi readers, this write-up is a quick guide on how to find bugs using Google in your target (Part-3).

If you have not read Part-1 and Part-2, click the link below ⬇️

So, without further ado, let's get started!

Google

But how do we use Google for this? Through Google Dorking?

The answer is no: it's through Google Slides and Docs.

Google Docs

Google Slides and Docs are free, cloud-based tools within Google Workspace that allow users to create, edit, and share documents or presentations online. Google Docs is used for writing and real-time collaboration on text documents, while Google Slides is used to build and present slide-based presentations — all accessible from any device with internet access.

Method

The answer is using Google Slides and Docs.

Google Docs and Google Slides are cloud-based tools within Google Drive that allow users to create, edit, and share documents and presentations online. They support real-time collaboration and customizable sharing permissions such as view-only, comment, or edit access.

If these permissions are misconfigured, sensitive information like personal data or organizational details can become publicly accessible, leading to information disclosure risks.

Steps to Reproduce

Google Slides

  1. Simply, use this custom Google Dork that I made and replace the target.com with your own target.
site:*.target.com intext:"docs.google.com/presentation/d"

2. You will find various results that contain Google Slides links.


3. Open all the links and search for the Google Slides links.

4. After opening the file, search for the Google Slides link and click on it; you will be redirected to Google Slides.

5. Now click Edit and note the highlighted edit access.


Note: If these are not highlighted then it means it is not vulnerable.

6. You can click on Share to verify the owner details and edit permissions too. You can also see the other members that have access to it.


7. If the document is misconfigured and the general access is set as editor, then it means that it is vulnerable and you can add, delete and modify the contents of the document.

8. For PoC you can simply add your name, and evil.com in the document and save it.

Proof of Concept

Google Docs

  1. Simply, use this custom Google Dork that I made and replace the target.com with your own target.
site:*.target.com intext:"docs.google.com/document/"

2. You will find various results that contain Google Docs links.


3. Open all the links and search for the Google Docs links.

4. After opening the file, search for the Google Docs link and click on it; you will be redirected to Google Docs.

5. Now click Edit and note the highlighted edit access.


Note: If these are not highlighted then it means it is not vulnerable.

6. You can click on Share to verify the owner details and edit permissions too. You can also see the other members that have access to it.


7. If the document is misconfigured and the general access is set as editor, then it means that it is vulnerable and you can add, delete and modify the contents of the document.

8. For PoC you can simply add your name, and evil.com in the document and save it.


Note that the changes will be permanently reflected in the original file.

So, I hope you get the impact and severity of the vulnerability with all the examples above.

An attacker can not only edit, modify, upload content or defame the organization, but can also delete the file contents and the documents themselves entirely in a snap. Which is absolutely crazy!


Verification

When testing, carefully verify key elements: ensure that the Google Drive belongs to the target organization, confirm it has improper edit permissions, and check whether it contains PII. Only then should it be considered a critical P1 bug. If it only has improper edit permissions, or only PII without permission issues, it may be classified as medium or low severity.

Tip: Try to manually check all the files that contain the Google Drive slides and documents with a logged-in Google Account in your browser.
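The same checks can be run from the owner's side before anyone else finds the links. The sketch below is an added example, not code from this write-up: it scans an organization's own published pages for Slides and Docs links and compares them with a Drive metadata export to flag files whose general access lets anyone with the link edit. The page bodies, file IDs and inventory are constructed samples, and the `type`/`role` fields are assumed to come from an export shaped like Drive API v3 permission records.

```python
import re

# Link shapes targeted by the two dorks: Slides (/presentation/d/<id>) and Docs (/document/d/<id>).
LINK_RE = re.compile(r"docs\.google\.com/(presentation|document)/(?:u/\d+/)?d/([A-Za-z0-9_-]{10,})")

def extract_file_ids(html):
    """Return {file_id: kind} for every Slides/Docs link in a page's text."""
    return {m.group(2): m.group(1) for m in LINK_RE.finditer(html)}

def general_access(permissions):
    """Role granted to type 'anyone' (link sharing), or None when access is restricted."""
    for perm in permissions:
        if perm.get("type") == "anyone":
            return perm.get("role")
    return None

def audit(pages, inventory):
    """Classify every Slides/Docs link published on our own pages."""
    findings = []
    for url, html in pages.items():
        for file_id, kind in extract_file_ids(html).items():
            meta = inventory.get(file_id)
            if meta is None:
                status = "not-ours-or-unknown"  # ownership cannot be confirmed from the export
            else:
                role = general_access(meta["permissions"])
                status = {"writer": "anyone-can-edit", "commenter": "anyone-can-comment",
                          "reader": "anyone-can-view"}.get(role, "restricted")
            findings.append((url, file_id, kind, status))
    return findings

# Constructed sample data: page bodies from our own site and a Drive metadata export.
PAGES = {
    "https://www.example.com/events": '<a href="https://docs.google.com/presentation/d/SLIDES_ID_CONSTRUCTED_0001/edit">deck</a>',
    "https://www.example.com/careers": "Apply: https://docs.google.com/document/d/DOC_ID_CONSTRUCTED_000002/edit?usp=sharing",
    "https://www.example.com/blog": "See docs.google.com/document/u/0/d/DOC_ID_CONSTRUCTED_000003/view",
}
INVENTORY = {
    "SLIDES_ID_CONSTRUCTED_0001": {"permissions": [{"type": "user", "role": "owner"}, {"type": "anyone", "role": "writer"}]},
    "DOC_ID_CONSTRUCTED_000002": {"permissions": [{"type": "user", "role": "owner"}, {"type": "anyone", "role": "reader"}]},
}

if __name__ == "__main__":
    for finding in audit(PAGES, INVENTORY):
        print(*finding, sep="\t")
```

Files reported as `anyone-can-edit` match the condition in step 7, and `not-ours-or-unknown` corresponds to the ownership check in the Verification section.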

Happy Hacking ✨

The End

If you find this article helpful, please do follow and leave a comment to read more from me and encourage me to write more. ♥️

Feel Free to connect with me on LinkedIn: (P.S. Do drop a message when sending a connection request.) https://www.linkedin.com/in/rivektamang/

Thank you ❤