Security researcher Shriram KL discovered a flaw Google document
That one can give Hacker
Access to the contents of documents stored in the service.
The drawback was the “Send Feedback” tool (located in the Portuguese version of the docs “to help improve Google Docs”), which suggests users to improve or report. Google
Problems in the text editor. This tool has the option of sending it with a comment, a screenshot of the currently open document.
According to Shriram KL, the flaw in Google Docs is a means of redirecting the data, which makes this screenshot to another domain, which it controls, to “steal” the image that Google’s servers should be sent. The video below shows the flow of the attack:
Explore this flaw in Google document
This requires user interaction and the stolen data is limited to the part of the document that currently appears on the screen, meaning this is a very specific thing. But still, it is a risk Display of personal information
. And we must remember Hackers
It is good to walk the prey directly into a trap.
The defect, which was reported in July and recently corrected, earned the researcher US $ 3,133.70 (approximately R $ 16.4 thousand) as part of the rewards program. Google
, Which encourages researchers to search and report security holes
In the company’s products.