Bug discovered on :1st May 2017 Research time: 10:30 a.m. -11:00 a.m.
The comments section of Google Docs is vulnerable to clickjacking.
Attacker can make the victim to...
a. Change the comment notifications.
2nd June 2017 : Bug filed for Panel's evaluation
21st June 2017 : $500 reward issued.
Both the bugs are fixed by disabling the Notications and Delete on comments.
Comments
Post a Comment