Attacker can create Google Document, Drawing, Forms, Spreadsheet, Presentation in the Victim’s Google Drive and get a Can get Permission to that Document. In Simple terms the created document will be shared with the attacker.
Google Services Vulnerable this attack:
Tested Browser Versions
Attacker Browser: Internet Explorer 9
Victim Browser : Google Chrome Version 25.0.1364.152 m Updated
– Attacker will send a mail to the victim that contains the Malicious URL.
– Victim will Click and Interact with it.
– Attacker will be successful in creating a document in Victim’s Google Drive with the Edit Permissions