A Security expert at Italian security firm AIR Sicurezza Informatica has claimed that Google's servers vulnerability allows a hacker to exploit the search giant's bandwidth to launch a distributed denial-of-service (DDoS) attack on any targeted server.
On the IHTeam Security Blog, the author of the discovery demonstrates users can make Google's servers act as a proxy to fetch content on their behalf.
Quatrini has written a shell script that will repeatedly prompt Google's servers to make requests to a site of the attacker's choice, effectively using Google's bandwidth rather than their own, in an effort to prevent it from functioning.
The advantage of using Google and make requests through their servers, is to be even more anonymous when you attack some site (TOR+This method) and the funny thing is that apache will log Google IP addresses.
But beware: gadgets/proxy? will send your ip in apache log, if you want to attack, you'll need to use /_/sharebox/linkpreview/.
WORKING
Using vulnerable pages i.e. "/_/sharebox/linkpreview/" and "gadgets/proxy?", it is possible to request any file type from the external source, and Google Plus servers will download it to show the content. So, if you parallelize so many requests at same time, it will be possible to perform a significant DDoS attack against any website with Google's bandwidth.
