Monday 20 October 2014

Google XSS Vulnerability



Hello friends today i will show you how i Got Google XSS Vulnerability ,When i searching in google support section i think may be i should try to finding xss here ,Then i start trying ,First as usual i put my name in search box " bhati "



 Google XSS Vulnerability

And found that is reflecting back in the source code properly , So i decided to try my luck , i was hoping for the best for this xss


Actually i always put <xss>""() for analysis that which word is filtered out and when the response come back i was feeling like boss , because there is no filtration or sanitation applied

Then i try to input payloads as you know ;-)
So finally payload is - <script>alert("ss")</script>


then finally Google XSS Appeared










I was reported to google about that then after 6 hour i got reply from them "Nice Catch" , they promise to reward me by 500$ for this finding

And they put my name on their hall of fame page




Thanks To Google Security Team.............Google XSS Heehaaaaa

 This is all about Google XSS Vulnerability Thanks for your time :)

2 comments: