Same Origin Method Execution on Google Plus - Ben Hayak

Ben Hayak has shared details on a recent Same Origin Method Execution vulnerability in Google Plus, which allowed him to download a user’s private photos and videos that they’ve uploaded to Google Plus.

His full POC is on his blog, but there’s a video below.

Full POC Write-up

1 Like