The Backend Engineering Show with Hussein Nasser artwork

He found a way to Hijack Private Google Docs Screenshots with a clever hack - Google paid him $4000

The Backend Engineering Show with Hussein Nasser

English - January 24, 2021 18:42 - 10 minutes - 6.29 MB - ★★★★★ - 5 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Brave is Decentralized - Users can Consume and HOST IPFS Decentralized Web Content through Brave
Next Episode: This YouTube Backend API Leaks Private Videos - Research rewarded $5000

A vulnerability in Google Feedback component in postMessage allowed this security researcher to find a way to hijack private screenshots   https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/ https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage