Google Analytics has a query parameter that can be used to extract arbitrary dat... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		epmatsw on Jan 6, 2018 \| parent \| context \| favorite \| on: Harvesting credit card numbers and passwords from ... Google Analytics has a query parameter that can be used to extract arbitrary data. So make a request to that with an ID that you control I guess? GitHub mentions it in their CSP post: https://githubengineering.com/githubs-post-csp-journey/

hrrsn on Jan 6, 2018 [–]

Related: this Analytics attack has actually happened

https://www.reddit.com/r/btc/comments/7dsmvd/my_analysis_of_...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact