Friday, June 21, 2013

Google Bug Bounty - Dont Waste Your Time XSSing the Sandbox Domain

Hi All,
In this post I'm going to share some of the XSSes I found for the Google Bug Bounty. However, all of these findings are located in their sandbox domain.

Even though there's still a risk for users, such as phishing, malware, jdb and so on, it is still not acceptable under the Google Bug Bounty Program.

This info is mentioned on their page.

If you still try to send bugs found in the sandbox domain, this kind of email will appear in your inbox:

The domain in which the feature is hosted is specifically meant as a
compartmentalized "sandbox" for various types of potentially unsafe,
user-controlled content. This domain is isolated from any sensitive
content due to the same-origin policy.
Since there's no reward for the sandbox domain, I asked their permission to publish the bugs on my blog and got it :)

Below are some of the XSSes I found in their sandbox domain and, of course, rejected -_-"

This bug existed due to an old version of jPlayer.

A similar issue was found in an old version of jPlayer.

Stored XSS. This can be found in Google Currents. However, someone else found this previously.

This one was found after Internetwache posted on his blog about trying to bypass limited-character XSS.

I think that's all! See you again!