Firebase authorizedDomains takeover — poplco — PoC
Origin:
| attacker-controlled host, in poplco Firebase authorizedDomains.
Sign in with Google (as a lured victim would)
CAPTURED poplco credential (attacker-origin JS holds it):