SQL Injection Vulnerability in Google Lab Database System

Statement By Hacker :

I already contact with Google Corporation but they don't give positive response, I think this is their big fault, and will suffer for that. But if they give Positive response then this will be very good for them. Thanks a Ton!!!

Shadman Tanjim

Ethical Hacker, Programmer and Security Professional

Email: admin@bdcyberarmy.com or shadman2600@gmail.com

Website: www.bdcyberarmy.com/forum

Greets to: Shahee Mirza, Almas Zaman, Sayem Islam, Pudina pata, LuckyFm and All

Bangladesh Cyber Army Members.

Video Download link:

Hackers Release Step by step proof about this Vulnerability

1st Work with Havij Advance SQL Injection Tool:

2nd now Work with Safe3 SQL Injector v8.4:

3rd Pangolin SQL Injection Tool:

UPDATE :

Google insist that there has been no intrusion. The company claims that their GQL database won't allow SQL injection attacks. A

dditionally, they say that the data that appears in the screen shots, does not exist anywhere in their data stores.





On this Shadman Tanjim - Hackers Reply to Google " Proof it. because I am Also Proof it's Vulnerable. If they say's Google Lab is Not Vulnerable, It Means We get new Bugs in Some Famous SQL Injection tools. And also and 1=1 concept. So tell them to proof this and I don't think All tools are false. because 1 tools can false, 2 tools can get false but not All. ALL Tools say's it is Vulnerable, So i don't think it any confusion. :D "

Very Big & Critical Vulnerability detected in Google Lab System. Vendor is already reported by hackers, But they don't take positive step in this case, so finally hackers exposed the vulnerability in public byon their Forum Google Lab Website has SQL Injection Vulnerability and Dangerous thing is this Vulnerability is Exploitable. Hackers are able to get Tables, columns and data from Database. Google Lab Database has his own customize DB system. But Interesting things is their database system is Similar as Ms Access database. In this case Ms Access SQL Injection System is Also Work on Google Lab Database system. www.googlelabs.com or labs.google.com SQL InjectionHost IP: 209.85.175.141Web Server: Google FrontendKeyword Found: FastInjection type is IntegerLet's Check Exploiting this Vulnerable link. Here Hackers use 3 Famous SQL Injection tools. They are:1. Havij Advance SQL Injection Tool 2. Safe3 SQL Injector v8.4 3. Pangolin SQL Injection Tool Scan Vulnerable link and it says this website is Vulnerable.Now it scans and gets all tables and columnsNow you can see list of tables and ColumnsAnd this is a Prove for this Website is Genuine SQL Injection Vulnerable. Here you see this database type is MS Access, so this is a Proof of this concept. Some people should Say Google Lab Database System is not Ms Access but this Website Database is Similar as Ms Access database and Ms Access SQL Injection Query are also Work on Google Labs Database system. As like MySQL 5 and MySQL 4.1 both are injected via Union select, but both are not have Information Schema.Analyzing Vulnerable link and it says it's vulnerable and gets keyword and db type.Now it's Inject the vulnerable link and gets All Table list and column listThis is another Prove for this Website Vulnerability and we can see this and Dangerous thing is its Exploitable. Now we check our last SQL Injection tool for 100% Satisfy.Scan vulnerable link and its say this website is vulnerableNow inject this Website and get tables and columns listHere is a full List of Tables and Columns listNow I think we are 100% Sure Google Lab Website is SQL Injection Vulnerable.You Can Check Video. This Video is also made by