google map in iframe

[CyberBeta]

Hello @ozguralp

Thanks for the tool.
Btw i have a doubt.What about this type of google map. now a days so many sites are using map in iframe.
How to know the API key. is there an method?
can you help on this?

<iframe title="Google Maps" src="https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2460i768!4f13.1!3m3!1m2!1s0x47c4348fb3c0de4d%3A0x3eb9473d3aaf9db6!2s!5e0!3m2!1sen!2snl!4v1494572044200" frameborder="0" allowfullscreen></iframe>

when try to open this iframe link got this type response in source code

<script src="https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en_US&region=no&callback=onApiLoad" nonce="JLOyqV1ANgEX13u4e9g==" async defer></script>

[ozguralp]

Hi @CyberBeta,

• The first one you added is an old example of the Embed API services without any API keys. Nowadays no-one can create an embed frame like the example without API key and it will retire soon. So it is not exploitable.
• The second one uses client-id security mechanism rather than API key, as I mentioned on my blog post. You can figure it out with the "client" parameter on the URL. You can see that for the old Embed API examples, Google's own client-id is used, which will retire soon as far as I know.

[CyberBeta]

Ok, Thanks for the update @ozguralp
Waiting for the retire thn i will report the bug tot them.