Its been a while..just get back to my blog and what I can see is similar to..
Ok. Going to share my old bug with Google BugBounty VRP. Its an XSS in the MapMaker,a tool to create/modify the Google Map I assume.
The bug exist on the comment form.
1 - Find any place(s) that you want to edit.
2 - Go to comment form and put your XSS payload. Easy Pitsy! :D
oh yea..your "><img src=x> and <a href=x> payload wont working for this case. Seems there's some filter happening in case we are using those payloads. Luckily, they missed-out <iframe> :)
0 comments:
Post a Comment