How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon]

Hello Hunters , Hello Infosec Community

data experiences on Looker and Looker Studio

Credentials For Looker Instance On Github By [Google Employee] Led To Critical Access Perform All Api Calls For [Cloud BI Hackathon ]

i was able to find client id & client secret for looker All that instance led to critical Access and Info and perform all api calls on Cloud BI Hackathon event

Leaked Data:

base_url=https://GoogleAPP.looker.com/:19999
client_id=XXXXXXXXXXXXXXXXX
client_secret=XXXXXXXXXXXX

POC:

normal POC it was for looker by usin this curl command

curl -d "client_id=ENTERHERE&client_secret=ENTERHERE" https://DOMAIN.looker.com:19999/login
id|email|last_name|first_name|personal_space_id|home_space_id

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store