My first Google HOF

Whoever starts learning about bug hunting, their dream is to get a bounty and HOF from Google. I too got successful in June 2021 when I found a vulnerability in a Google product Dialogflow.

What is Dialogflow?

Dialogflow is a natural language understanding platform that makes it easy to design and integrate a conversational user interface into your mobile app, web application, device, bot, interactive voice response system, and so on. Using Dialogflow, you can provide new and engaging ways for users to interact with your product.

Dialogflow can analyze multiple types of input from your customers, including text or audio inputs (like from a phone or voice recording). It can also respond to your customers in a couple of ways, either through text or with synthetic speech. read more about it here.

I have created many google actions using Dialogflow such as
PU Help
Food Guru etc
It is a very good and easy tool to develop voice assistants and we all know about the booming voice industry.

What was the vulnerability?

One day, I was using the feature of Roles in the Dialogflow. There are 3 roles in the Dialogflow
Admin: creator of the action, has full access
Developer: read-write access
Reviewer: only read access

Granting roles to users

I granted the reviewer role to a user and started using all the features of Dialogflow to see what a Reviewer role user can or can't do. I moved to Training tab where a Reviewer role user was able to modify the Training phrases, Add training phrases to the intent, delete conversations, Change Intent matching through the Training Tab.

Training Tab

It was a serious issue as according to the documentation the Reviewer role user cannot modify the Agentbut I was able to do it.

Impact of the Vulnerability

This has a huge impact as a Reviewer can degrade the whole Dialogflow project by changing the Intent matching, Training phrases, Delete conversations from History Tab. Conversations are essential for a Project Team to analyse data and improve the Agent

It becomes very easy for an Attacker to degrade the project by using the agent on any device such as a mobile phone. All these conversations will be available in the Training Tab and then he can change intent matching, add training phrases etc.

As the Reviewer can view all the training phrases from Intent Tab, he can add all those training phrases to another Intent using this scenario.

This can greatly affect the Agent as it will give wrong responses to users.

google HoF
Google reward

I reported this bug in June 2021 and got the award of $1337 in September 2021. It was a great feeling when I saw the mail with the reward amount. This is my first 4 digit bounty too.

Advice to beginners.

1 Choose one Target
2 Spend time on that(> 1 month)
3 Read Documentation many time

A nature lover, loves to travel to the unhidden

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

FlutterForce — #Week 1

What’s the difference between a Core i3, Core i5 and Core i7?

Auto-completion for Workflows JSON and YAML on Visual Studio Code

Merging Communities

Top 20 Android Interview questions you must prepare for Android

Doctor or programmer?

pip install psycopg2 error

Wekor — TryHackMe

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
RV Sharma

RV Sharma

A nature lover, loves to travel to the unhidden

More from Medium

2FA Bypass Methodologies

How i got financial advisor by simply hack into their membership plan !

Hacking Apple Security Report System

Tìm những bug trên Symfony