Active Members akkiliON Posted January 14, 2019 Active Members Report Posted January 14, 2019 Salutare tuturor, A trecut ceva timp de când n-am mai postat ce am găsit pe aici. Am găsit un XSS reflected în https://pay.google.com. Din păcate, merge doar pe Internet Explorer 11 din cauză că browser-ul nu suportă CSP-ul. Partea bună, este că vulnerabilitatea pe care am găsit-o a fost validată. Cam atât pot spune în momentul de față. Numai bine. 7 Quote
Active Members akkiliON Posted January 15, 2019 Author Active Members Report Posted January 15, 2019 Update: Quote Hi, Nice catch! I've filed a bug based on your report. The panel will evaluate it at the next VRP panel meeting and we'll update you once we've got more information. All you need to do now is wait. If you don't hear back from us in 2-3 weeks or have additional information about the vulnerability, let us know! Expand 2 Quote
Active Members akkiliON Posted January 23, 2019 Author Active Members Report Posted January 23, 2019 Update: Reveal hidden contents Hello,Thank you for reporting this bug. As part of Google's Vulnerability Reward Program, the panel has decided to issue a reward of $5000.00.Important: if you aren't registered with Google as a supplier, p2p-vrp@google.com will reach out to you. If you have registered in the past, no need to do it again - sit back and relax, and we will process the payment soon.If you have any payment related requests, please direct them to p2p-vrp@google.com. Please remember to include the subject of this email and the email address that the report was sent from.Regards,Google Security Bot 9 Quote
