
Google YOLO clickjacking (2018) - _Microft
https://blog.innerht.ml/google-yolo/
======
dandare
> Update. Shortly after this article was published, Google silently prevented
> my domain from using the API

That will certainly make the problem go away Google ;)

~~~
finnthehuman
Security reports at google are the same as any user interaction: they blow you
off until you prove your point on Hacker News

------
dang
Discussed at the time:
[https://news.ycombinator.com/item?id=17044518](https://news.ycombinator.com/item?id=17044518)

------
ethanburrell
Hey HN! I really enjoy this type of App Security, anyone know any blogs
devoted to this? Or any other places to learn more tricks like this?

~~~
EdOverflow
Aside from Filedescriptor's work, here are some of my favourite blogs in the
web application security space (not an exhaustive list):

- [https://blog.orange.tw/](https://blog.orange.tw/)

- [https://ngailong.wordpress.com/](https://ngailong.wordpress.com/)

- [https://whitton.io/](https://whitton.io/)

- [https://sakurity.com/blog](https://sakurity.com/blog)

- [https://homakov.blogspot.com/](https://homakov.blogspot.com/)

- [https://buer.haus/](https://buer.haus/)

- [https://philippeharewood.com/](https://philippeharewood.com/)

- [https://portswigger.net/research](https://portswigger.net/research)

- [https://gerbenjavado.com/](https://gerbenjavado.com/)

- [https://medium.com/@intideceukelaire](https://medium.com/@intideceukelaire)

- [https://samcurry.net/](https://samcurry.net/)

- [https://stephensclafani.com/](https://stephensclafani.com/)

- [https://www.josipfranjkovic.com/](https://www.josipfranjkovic.com/)

- [https://www.arneswinnen.net/](https://www.arneswinnen.net/)

- [https://blog.assetnote.io/](https://blog.assetnote.io/)

- [https://medium.com/@alex.birsan](https://medium.com/@alex.birsan)

- [https://cablej.io/](https://cablej.io/)

- [https://jonbottarini.com/](https://jonbottarini.com/)

- [https://www.corben.io/](https://www.corben.io/)

There is also this massive list of write-ups that might be of interest to you:
[https://github.com/ngalongc/bug-bounty-reference](https://github.com/ngalongc/bug-bounty-reference).

Shameless plug: I write about web application security at
[https://edoverflow.com/](https://edoverflow.com/).

~~~
wrboyce
You may want to edit your comment so the links are not inside a code block
(and thus clickable). Thanks.

~~~
EdOverflow
Updated accordingly. :)

------
Thorrez
Obviously related to the Facebook comment jacking post from yesterday:
[https://news.ycombinator.com/item?id=22176180](https://news.ycombinator.com/item?id=22176180)

------
etxm
I feel like the cookie button is shady AF

~~~
p1necone
This is definitely a grey hat blog post.

