In February, security researcher Thomas Orlita discovered the attack. The vulnerability was fixed in mid-April, but it has not been disclosed until now. The security vulnerability is XSS (cross-site scripting) vulnerability, affecting the Google invoice submission portal, where Google's business partners submit invoices.
Most XSS vulnerabilities are considered benign, but in a few cases, these types of vulnerabilities can lead to serious consequences.
One of the vulnerabilities is Orlita's discovery. Researchers say that malicious threat actors can upload incorrectly formatted documents to the Google Invoice Submission Portal.
An attacker can use a proxy to intercept the uploaded file immediately after the form submission and validation operation is completed, and modify the document from PDF to HTML, injecting XSS malicious load.
The data will eventually be stored in the back end of Google's Invoicing system and executed automatically when employees try to view it. Orlita said that when an employee logs in, an XSS vulnerability is executed on the googleplex.com subdomain, which allows an attacker to access dashboard on the subdomain to view and manage invoices. According to the way cookies are configured on googleplex.com,Hackers can also access other internal applications hosted in the domain.
In general, like most XSS security vulnerabilities, the severity of this vulnerability depends on the level of hackers'skills.