24.11.05

Sitemaps for all

A recently discovered flaw in Google Sitemaps allows anyone to gain access to detailed statistics on a variety of websites.

The flaw is in the verification routine, which verifies site ownership by looking for a file with a specific hash value in its name. This works well for sites that return a default "404 - File not found" page, but when a site redirects missing pages to a custom error page, the routine interprets the redirect as the file being present, allowing anyone to successfully verify the site, according to David Naylor.
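The difference between the flawed check described above and a stricter one, as an added example (not Google's code): the `make_site`, `naive_verify` and `hardened_verify` names, the token value and the simulated sites are all constructed for illustration, and HTTP is simulated so the block runs offline.

```python
import secrets

# Constructed sites; fetch() simulates HTTP so the example runs offline.
def make_site(files, missing):
    """missing: '404' (hard 404), 'redirect' (302 to a custom error page
    that answers 200), or '200' (error page served in place with 200)."""
    def fetch(path, follow_redirects):
        if path in files:
            return 200
        if missing == "404":
            return 404
        if missing == "redirect":
            return 200 if follow_redirects else 302
        return 200
    return fetch

def naive_verify(fetch, token):
    # Flawed check described above: any final 200 counts as "file present".
    return fetch(f"/{token}.html", follow_redirects=True) == 200

def hardened_verify(fetch, token):
    # 1. The token file must answer 200 itself, not via a redirect.
    if fetch(f"/{token}.html", follow_redirects=False) != 200:
        return False
    # 2. Control probe: a random name that cannot exist must not answer 200,
    #    otherwise a 200 for the token file proves nothing about ownership.
    control = f"/{secrets.token_hex(16)}.html"
    return fetch(control, follow_redirects=False) != 200

TOKEN = "sitemap-verify-0f3a9c"  # constructed placeholder value
SITES = {
    "owner, hard 404": make_site({f"/{TOKEN}.html"}, "404"),
    "owner, redirecting 404": make_site({f"/{TOKEN}.html"}, "redirect"),
    "non-owner, hard 404": make_site(set(), "404"),
    "non-owner, redirecting 404": make_site(set(), "redirect"),
    "non-owner, 200 for everything": make_site(set(), "200"),
}

def run():
    return {name: (naive_verify(f, TOKEN), hardened_verify(f, TOKEN))
            for name, f in SITES.items()}

if __name__ == "__main__":
    for name, (naive, hardened) in run().items():
        print(f"{name:32} naive={naive!s:5} hardened={hardened}")
```

The control probe also covers sites that serve their error page in place with a 200 status, a variant of the same failure that involves no redirect at all.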

Several blogs discuss their successes with adding high-profile sites to personal accounts, allowing the viewing of top search terms, click-throughs and more for these sites. Although the information revealed is not critical, many webmasters are sure to be concerned about their detailed site statistics being publicly accessible, and Google would be wise to fix this promptly.

Google has been noted in the past for providing information on insecure websites and hardware via crafty searches.