CSRF & Clickjacking : Google Document, Drawing, Forms, Spreadsheet, Presentation Attacker can create Google Document, Drawing, Forms, Spreadsheet, Presentation in the Victim's Google Drive and get a Can get Permission to that Document. In Simple terms the created document will be shared with the attacker. *Vulnerable Domain:* https://docs.google.com *Google Services Vulnerable this attack: * https://docs.google.com/drawings https://docs.google.com/forms https://docs.google.com/spreadsheet https://docs.google.com/presentation https://docs.google.com/document *Tested Browser Versions * * * Attacker Browser: Internet Explorer 9 Victim Browser : Google Chrome Version 25.0.1364.152 m Updated POC Video http://www.youtube.com/watch?v=OJaPIg_sMek *Reference* * * http://thehackernews.com/2013/03/hacking-google-users-with-googles.html * * * * *Steps*: - Attacker will send a mail to the victim that contains the Malicious URL. - Victim will Click and Interact with it. - Attacker will be successful in creating a document in Victim's Google Drive with the Edit Permissions Regard's *Christy Philip Mathew* Information Security Researcher Mob: +91-9555223888