![]() We can see that this URL is used for displaying a PDF file. “The DOM of the page matches the XSS payload that was put instead of the PDF file. If you attempt to access the domain you will be redirected to a Google Corp login page for Google employees that requires the authentication. This domain is used by Google for hosting internal websites and apps. ![]() Orlita uploaded an HTML file including an XSS payload that, when triggered, would send him an email every time it was loaded.Ī few days later, the expert received an email message showing that the JavaScript code in the XSS payload had been executed on the domain. html.” reads the analysis published by the expert. We can intercept the request using a web proxy debugger and change the filename and the contents from. Once we select any PDF file, an upload request is fired. “Since this is just a front-end validation, it doesn’t stop us from changing the file type when sending the upload POST request. Using this trick it was possible to store malicious files in Google’s invoicing system and would have executed automatically when an employee tried to access it. The attacker had to intercept a request and change the uploaded file’s filename and Content-Type properties to HTML. The expert noticed that the ‘upload’ feature for actual invoice in PDF format could be abused to upload HTML files. ![]() Orlita explained that an attacker could have uploaded malformed files in the Google Invoice Submission Portal, via the Upload Invoice field. ![]() The attack was devised by the expert in February, and Google addressed the issue in mid-April after the researcher reported it to the tech giant. An attacker could also exploit the flaw to steal Google employee cookies for internal apps and hijack accounts or send spear-phishing messages. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |