2. You will find various files that contain Google Sheets links.
3. Open all the files and search for the spreadsheet links.
4. After opening a file, search for the spreadsheet link and click on it; you will be redirected to the spreadsheet.
5. Now click on Edit and you will see a dropdown with various actions like undo, redo, copy, paste, paste special, delete.

Note: If these are not highlighted, it means the spreadsheet is not vulnerable.
Not Vulnerable
Vulnerable
Note: If you click on the Share option, you will see that the permission is set to Editor access, and the owner's email ID is disclosed as well.
Editor Access Control
6. For PoC you can simply add your name, and evil.com. Note that the changes will be permanently reflected in the original file.
PoC
So, I hope you get the impact and severity of the vulnerability from all the examples above. An attacker can not only edit or modify the content and defame the organization, but can also entirely delete the file itself in a snap, which is absolutely crazy!
Verification
When testing, carefully verify key elements: ensure that the spreadsheet belongs to the target organization, confirm it has improper edit permissions, and check whether it contains PII. Only then should it be considered a critical P1 bug. If it only has improper edit permissions or only PII without permissions issues, it may be classified as medium or low severity.
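The triage rule above, written as a check an organization can run over its own Drive sharing metadata. This is an added example, not the author's code: field names follow the Drive API v3 file resource, while the sample records, the `example.com` domain, the verdict labels and the reviewer-supplied PII flags are constructed assumptions.

```python
# Added example: apply the page's severity rule to Drive file metadata.
SHEET_MIME = "application/vnd.google-apps.spreadsheet"

def link_editable(rec):
    """True if a permission lets anyone holding the link edit the file."""
    return any(p.get("type") == "anyone" and p.get("role") == "writer"
               for p in rec.get("permissions", []))

def owned_by_org(rec, org_domain):
    """True if at least one owner address is in the organization's domain."""
    suffix = "@" + org_domain.lower()
    return any(o.get("emailAddress", "").lower().endswith(suffix)
               for o in rec.get("owners", []))

def triage(rec, org_domain, has_pii):
    """has_pii is a reviewer's manual judgement (assumption), not detected here."""
    if rec.get("mimeType") != SHEET_MIME:
        return "not-a-sheet"
    if not owned_by_org(rec, org_domain):
        return "not-ours"            # ownership must be confirmed first
    editable = link_editable(rec)
    if editable and has_pii:
        return "critical-P1"         # all three conditions hold
    if editable or has_pii:
        return "medium-or-low"       # only one of the two issues
    return "ok"

def audit(files, org_domain, pii_review):
    return {f["id"]: triage(f, org_domain, pii_review.get(f["id"], False))
            for f in files}

def _rec(fid, owner, ptype, role):
    # Helper that builds one constructed sample record.
    return {"id": fid, "mimeType": SHEET_MIME,
            "owners": [{"emailAddress": owner}],
            "permissions": [{"type": ptype, "role": role}]}

SAMPLE = [  # constructed records, not real files
    _rec("sheet-a", "ops@example.com", "anyone", "writer"),
    _rec("sheet-b", "ops@example.com", "anyone", "writer"),
    _rec("sheet-c", "hr@example.com", "anyone", "reader"),
    _rec("sheet-d", "x@notexample.com", "anyone", "writer"),
    _rec("sheet-e", "ops@example.com", "user", "writer"),
]
PII_REVIEW = {"sheet-a": True, "sheet-c": True}  # constructed reviewer input

if __name__ == "__main__":
    for fid, verdict in audit(SAMPLE, "example.com", PII_REVIEW).items():
        print(fid, verdict)
```

Fixing a flagged file means changing its general access from "Anyone with the link: Editor" to restricted or viewer-only sharing.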
Some accepted bugs using this method
Tip: Try to manually check all the files that contain the spreadsheet links with a logged-in Google Account in your browser.