Monday, December 21, 2015

Arbitary File Upload Vulnerability in Google Nest (Write Up)

In this article I will show you how I found a Arbitary File Upload Vulnerability in Google owned Nest which allows me to access Nest sensitive customer datas like Credit Card Information, Emails and Passwords and etc… The vulnerability can also cause a Stored XSS by uploading a malicious file with a Cross Site Scripting payload encoded.

So here’s a video demonstration of the issue.


Reported: Tue, Sep 2, 2014 at 10:07 PM

Triaged: Tue, Sep 2, 2014 at 11:25 PM

Confirmation: Thu, Sep 11, 2014 at 6:30 AM

Fixed: Fri, Sep 19, 2014 at 3:53 AM

Shell Uploaded on Google Nest
Shell uploaded on Nest

I hope you enjoy reading this article.


Failure will never overtake me if my determination to succeed is strong enough.
~Og Mandino


  1. hi where to get nice shell .php ?

  2. Sad to say but, I forgot already where I put this shell.