akkiliON

XSS Reflected - pay.google.com


Hello everyone,

 

It's been a while since I last posted what I've found on here. :-)

I found a reflected XSS in https://pay.google.com. Unfortunately, it only works on Internet Explorer 11 because the browser doesn't support CSP. The good part is that the vulnerability I found has been validated.

 


 

That's about all I can say at the moment. All the best.

 

 

  • Upvote 8


  Update:

Quote

Hi,

 

Nice catch! I've filed a bug based on your report. The panel will evaluate it at the next VRP panel meeting and we'll update you once we've got more information. All you need to do now is wait. If you don't hear back from us in 2-3 weeks or have additional information about the vulnerability, let us know!

 

  • Upvote 2


Update:

 

Spoiler

Hello,

Thank you for reporting this bug. As part of Google's Vulnerability Reward Program, the panel has decided to issue a reward of $5000.00.

Important: if you aren't registered with Google as a supplier, p2p-vrp@google.com will reach out to you. If you have registered in the past, no need to do it again - sit back and relax, and we will process the payment soon.

If you have any payment related requests, please direct them to p2p-vrp@google.com.  Please remember to include the subject of this email and the email address that the report was sent from.
Regards,

Google Security Bot

 

  • Upvote 9
