Wednesday, June 11, 2014

XSS in Google MapMaker

Its been a while..just get back to my blog and what I can see is similar to..
sorry my dearie blog.

Ok. Going to share my old bug with Google BugBounty VRP. Its an XSS in the MapMaker,a tool to create/modify the Google Map I assume.

The bug exist on the comment form.

1 - Find any place(s) that you want to edit.
2 - Go to comment form and put your XSS payload. Easy Pitsy! :D

oh yea..your "><img src=x> and <a href=x> payload wont working for this case. Seems there's some filter happening in case we are using those payloads. Luckily, they missed-out <iframe> :)

cio :)