Script Gadgets! Google Docs XSS Vulnerability Walkthrough

Subscribers: 920,000
Video Link: https://www.youtube.com/watch?v=aCexqB9qi70
Category: Walkthrough
Duration: 18:57
Views: 138,765
7,217

A very interesting Cross-site Scripting Issue in gDocs Spreadsheets. I get a chance to talk to the bug hunter Nick, as well as Google engineers to understand both sides. How did he find it? And why did this vulnerability exist in the first place?

Nickolay: https://thisisqa.com/

The video is sponsored by Google's VRP: https://www.google.com/about/appsecurity/reward-program/

00:00 - Introduction
00:53 - Following reproduction steps
02:13 - What is postMessage()?
03:04 - Script Gadget: the hlc() function
03:30 - Script Gadget: ui.type instantiation
04:22 - Vulnerability summary
05:12 - Nick's focus on gviz
06:47 - Script Gadget: chartType injection
08:09 - Script Gadget: drawFromUrl exploit technique
08:57 - chartType injection fix
10:13 - Code refactoring cause of XSS
11:12 - How to find ui.type option?
14:04 - What to do with ui.type Script Gadgets?
15:13 - Why does hlc() exist?!
15:40 - JSONP sandbox
17:16 - Nick's background story

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
google xss
gdocs
google docs
cross site scripting
cross-site scripting
xss
stylesheet
sheets
walkthrough
javascript gadgets
SOP
iframe
DOMxss
postmessage
jsonp sandbox
jsonp
charts
chart api
vulnerability
bug bounty
vrp
bugbounty
bug bounties
vrp grant
thisisqa
thisisqa.com
quality assurance
reverse engineering