The IT Security Blog Roundup

Google Documents bug disclosed, too

Yesterday we brought you news that Gmail is open to a filter-insertion technique that can allow attackers to forward mail with attachments to other addresses. Google confirmed that flaw yesterday.

But it looks like Petko Petkov isn’t the only researcher out there looking into Google flaws.

On Wednesday, Billy (BK) Rios posted on his blog that Google may be putting its own servers at risk because of a cross-domain exposure flaw associated with Google Documents.

Here’s a snippet:

“Google Documents basically allows you to upload your documents (a.k.a. content) to a Google server. Once you’ve uploaded the document, Google has essentially “taken ownership” of the document (content). There are ways to minimize the risks associated with taking ownership of content, and it seems that Google has taken some measures to sanitize for XSS… but it seems that their focus on XSS may have caused them to miss a different type of cross domain exposure.”

Rios’ blog also features proof-of-concept code.
