If you find a Google Api key exposed, verify whether it can be used to interact with other Google APi services and verify if some restriction is in place
Run the following script to identify the vulnerable API endpoints:
Try to send the request with another Referer header to see if there is no restriction in place
Last updated 7 days ago
