Abusing App Engine to Automate Phishing

Attackers can abuse a feature in Google App Engine to generate unlimited phishing URLs, BleepingComputer reports. Security researcher Marcel Afrahim found that App Engine URLs that contain a non-existent subdomain will redirect the user to the app’s default page, rather than displaying a 404 error. As long as the “project ID” portion of the URL is correct, any App Engine URL will redirect to that particular project.
Read More

Please follow and like us: