XSS on Google | Writeup by Narendra Bhati
Labels: Google, Narendra Bhati
Today we have a writeup by the well-known, and probably one of the best, Indian security researchers, Narendra Bhati. A couple of months back he found an XSS vulnerability on Google. Let's check out his writeup in his own words.
Hello friends, today I will show you how I got a Google XSS vulnerability. When I was searching in the Google support section I thought maybe I should try finding XSS here, so I started trying. First, as usual, I put my name in the search box: "bhati".
I found that it was reflected back in the source code properly, so I decided to try my luck; I was hoping for the best for this XSS. Actually, I always put <xss>""() for analysis of which words are filtered out, and when the response came back I was feeling like a boss, because there was no filtration or sanitization applied. Then I tried to input payloads, as you know.
So finally the payload is: <script>alert("ss")</script>
Then finally the Google XSS appeared.
I reported it to Google, and after 6 hours I got a reply from them: "Nice catch". They promised to reward me $500 for this finding, and they put my name on their hall of fame page.
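As an added illustration (not code from the writeup, and not Google's code), here is the reflection the author describes, on a hypothetical search handler: the "before" handler echoes the term verbatim into the page, the hardened one HTML-encodes it, and a self-check reports which HTML metacharacters a handler leaks, which is the same filtering analysis the author does by hand with <xss>""(). The handler names and the probe string are assumptions.

```python
import html

# Constructed probe, mirroring the one in the writeup: a tag, quotes and
# parentheses, so one request shows which characters survive unencoded.
PROBE = '<xss>""()'


def render_vulnerable(term: str) -> str:
    """Hypothetical 'before' handler: the search term is echoed straight
    into HTML text, so a term containing a tag becomes markup."""
    return f"<p>Results for: {term}</p>"


def render_hardened(term: str) -> str:
    """Same page, but the term is HTML-encoded before it is written out.
    quote=True also encodes both quote characters, which matters if the
    same value is ever placed inside an attribute."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def unencoded_metachars(render) -> list:
    """Defender's self-check: which HTML metacharacters does a handler echo
    verbatim? Each character is wrapped in a unique canary so the page's
    own markup (its '<p>' tags) is not mistaken for reflected input."""
    leaked = []
    for ch in "<>\"'":
        canary = f"canary7{ch}canary7"
        if canary in render(canary):
            leaked.append(ch)
    return leaked


def probe_reflected_verbatim(render) -> bool:
    """True when the whole probe string comes back unchanged, i.e. the
    'no filtration or sanitization' case described in the writeup."""
    return PROBE in render(PROBE)


if __name__ == "__main__":
    for name, handler in (("vulnerable", render_vulnerable),
                          ("hardened", render_hardened)):
        print(name, "leaks:", unencoded_metachars(handler),
              "probe verbatim:", probe_reflected_verbatim(handler))
```

Note that `(` and `)` are deliberately not in the check: in HTML text context they are inert, and `html.escape` leaves them alone; the tag and quote characters are what turn reflected text into markup.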
Posted by Pentesting-Lab at 00:15