Gsuite Hangouts Chat 5k IDOR
Hello everyone, So as most of you should see the Google VRP has started doing a bug of the week promotion. One of my submissions has been selected for this week so here we are. This is a write up about a IDOR I found back in March affecting chat.google.com. Back in March after scrolling through twitter I noticed Google Chat was trending. Immediately I thought it was a new product being pushed and started to read some of the posts about it. After looking into it the product was a new team collaboration chat room for gsuite customers and their users to message each other in. Just like most bug hunters when you see a new product being rolled out its time to go and test it. I then setup my gsuite account and went to chat.google.com. Now this was a chat area and as a result of this xss was the first thing I was testing. I did not find anything related to that but maybe someone else did ;). Since it was a new feature though I was pretty determined it had to have something so I laun