DDoS AttackSecurity penetration tester found that you can use Google Plus servers to DDoS attack any site. For those who never met the term DDoS is the initials for Distributed Denial-of-Service. It was discovered on August 10, Google was informed the same day and now it is time to inform you. There are two pages that are vulnerable, “/_/sharebox/linkpreview/” and “gadgets/proxy?”. You can request any file from Google+ and it will fetch it and present it to you. You can start simultaneously a huge number of requests, then Google will perform the requests and possibly DDoS the target site. In this case you use Google’s bandwidth as a weapon. The surprising fact is that you don’t even have to be logged into Google+ to start a request. Also the victim site will see the Google’s IP and not yours, although “gadgets/proxy?” will send your IP in Apache log. If you want to be anonymous, use the second page “/_/sharebox/linkpreview/“.

Just a reminder, everything you read is only to inform you and do not try anything that is illegal. You can read more in this site where there are also practical examples and a presentation with video quide.

You can use Google Plus servers to DDoS attack any site