writeups.xyz / GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts

Submitter : c2a

Date: 20 April 2023

Bounty : undisclosed

Vulnerabilities :

• Cloud
• OAuth
• Authorization Bypass

Programs :

• Google (GCP)

Authors :

• Astrix Security (@AstrixSecurity)

Link :
https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/