1. Home
  2. Forums Index
  3. Search Engines and SEO / Google Search and SEO 7:11 am Apr 22, 2026

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

XML Sitemap Link Exploit Blocked

         

iamlost

3:40 pm on Apr 5, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Interesting bug aka potential Google Search exploit write up by Tom Anthony, Head of R&D at Distilled.
* $1337 Google bug bounty for security exploit that influences search results [tomanthony.co.uk]
Note: in typical Google geekiness the odd 1337 dollar amount is tribute to 'leet' hacker.

Google provides an open URL where you can ‘ping’ an XML sitemap which they will fetch and parse – this file can contain indexation directives. I discovered that for many sites it is possible to ping a sitemap that you (the attacker) are hosting in such a way that Google will trust the evil sitemap as belonging to the victim site.


On reading I found myself considering several similar channels of investigation - however, as I have neither the time nor interest in G will leave such to others. :)

Warning: always consider risks and ramifications before playing.

MayankParmar

7:25 pm on Apr 9, 2018 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



$1337 is nothing for discovering such a big loophole.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Search Engines and SEO / Google Search and SEO 7:11 am Apr 22, 2026