Thursday, May 23, 2013

A few XSSes found for the Google Bug Bounty Program.

Hello,
It's been a while since I updated this blog. Here are some XSSes I found that were fixed by the Google team.

thinkwithgoogle.com Reflected XSS via search form - rewarded

v1.zeromomentoftruth.com Stored XSS via CommentBox - HoF

Google Transliterate Self XSS - Dupe

sharegoogleapps.com Reflected and Stored XSS via email invitation - rewarded

sharegoogleapps.com Stored XSS via Google Contacts import - rewarded

AFAIK, all of these issues have been fixed.
There are two more issues that will be shared with you guys in the future :)

Thanks,
@yappare