G o o g l e ! Bug : Circumventing "Limit to 1 response" of Google forms ( Parameter Injection ) Discovered on: 30th, November 2016. Research Time: 2:00 p.m to 9:30 p.m. Earn more by display ads on blog with Lithific Ads The setting is "Limit to 1 response" which means only one response per user. Once you filled the form there will be no chance to edit the responses or again fill a new form. If you open the form to fill again, the response would be like the image below. There is no way to edit or fill another form (Hurdle 1). I created a test form and checked "Edit after submit". Once this test form is filled I can change the previous response. I clicked on the "Edit your response"and intercepted the request. I changed the form id and forwarded the request. I was able to see the form that was submitted. When I edited the form and submitted, a blank form was sent. (Hurdle 2). I analysed the requests f
Hi ! I'm a Sofware Engineer, strive to exploit security flaws only on Tech giants, though all the time my attacks go into the graveyard 😕. Guitar🎸 | Bug Bounty🐞🤑 | Love life
Comments
Post a Comment