Abusing App Engine to Automate Phishing

By September 24, 2020Cyber Security

Attackers can abuse a feature in Google App Engine to generate unlimited phishing URLs, BleepingComputer reports. Security researcher Marcel Afrahim found that App Engine URLs that contain a non-existent subdomain will redirect the user to the app’s default page, rather than displaying a 404 error. As long as the “project ID” portion of the URL is correct, any App Engine URL will redirect to that particular project.

Refer Here for Original Post and Source https://blog.knowbe4.com/abusing-app-engine-to-automate-phishing

Robert Crossland

Author Robert Crossland

More posts by Robert Crossland