akkiliON, posted September 1, 2013 (edited September 3, 2013 by akkiliON):
# Exploit: *.Google.com - Cross-Site-Scripting Reflected
# Author: akkiliON
# URL Link: https://Google.com
# Status: Submitted
# PoC: I will come back with a video when it is fixed
Darkb0t, posted September 1, 2013:
huum, very interesting, congrats, reflected in the browser Chrome. Were you logged in?
akkiliON, posted September 1, 2013:
Yep, you can see my name in the right corner! I will come back with a video when it is fixed.
// Works on: Firefox Mozilla, Google Chrome, Safari, Opera, etc.
akkiliON, posted September 1, 2013:
> Bravo! Is it worth 3 or 5k?
It's in one of their important applications, which falls under the $5000 category.
wildchild, posted September 1, 2013:
You forgot to censor your name.
akkiliON, posted September 1, 2013 (edited May 10, 2014 by akkiliON):
> You forgot to censor your name.
It's no stress.
Darkb0t, posted September 1, 2013:
hmm, I'm interested, I have some SQL INJECTION GOOGLE, I do not know more powder may enter the program rewards google
proof: View image: sqlinjection google
have a message box, since I typed cookiesinjection, then a dialog appeared, I think cookies, but I do not think I can do again, maybe I'm using the wrong parameter, I think google maps has no rewards AKKILION;
akkiliON, posted September 1, 2013:
> hmm, I'm interested, I have some SQL INJECTION GOOGLE, I do not know more powder may enter the program rewards google
> proof: View image: sqlinjection google
> have a message box, since I typed cookiesinjection, then a dialog appeared, I think cookies, but I do not think I can do again, maybe I'm using the wrong parameter, I think google maps has no rewards AKKILION;
^ You're funny!
dekeeu, posted September 1, 2013:
> hmm, I'm interested, I have some SQL INJECTION GOOGLE, I do not know more powder may enter the program rewards google
> proof: View image: sqlinjection google
> have a message box, since I typed cookiesinjection, then a dialog appeared, I think cookies, but I do not think I can do again, maybe I'm using the wrong parameter, I think google maps has no rewards AKKILION;
Haha, listen to that, SQLi in Google. Someone else showed up at some point bragging that he had broken into Google's database with Havij.
What you found there is no SQLi, it's just a display bug (you have a parameter in the link called `output` whose default value is `js`, but you probably changed the value and that box appeared).
Darkb0t, posted September 1, 2013:
> Haha, listen to that, SQLi in Google. Someone else showed up at some point bragging that he had broken into Google's database with Havij.
> What you found there is no SQLi, it's just a display bug (you have a parameter in the link called `output` whose default value is `js`, but you probably changed the value and that box appeared).
well, it seems that you understand
I used Webscanner and appeared several sql google xd
look at this link:
https://books.google.com/local?err=1^source=s_d&saddr=&daddr=&f=q&source=s_q&output=js&hl=en&geocode=%20&abauth=51f1d3aeLSQzxdG_MVmBQfyVtK-Ji9AUe8o&f=%20 [GOOGLE]
I found it interesting
akkiliON, posted September 1, 2013:
> Darkb0t, I hope you get banned as soon as possible for double posting and for idiocy.
> As for akillion, congratulations.
Thank you. I'll come on the forum later this evening.
dekeeu, posted September 1, 2013:
> well, it seems that you understand
> I used Webscanner and appeared several sql google xd
> look at this link:
> https://books.google.com/local?err=1^source=s_d&saddr=&daddr=&f=q&source=s_q&output=js&hl=en&geocode=%20&abauth=51f1d3aeLSQzxdG_MVmBQfyVtK-Ji9AUe8o&f=%20 [GOOGLE]
> I found it interesting
Use BRAIN-scanner and probably you will have more success!
lukas.luci19, posted September 1, 2013:
Tell us too, akkiliON, if you want, how much money the people at Google give you for what you found! I'm really curious.
SilenTx0, posted September 1, 2013:
Is this the XSS that I know about?
akkiliON, posted September 1, 2013:
> Is this the XSS that I know about?
Yep.
a1234, posted September 1, 2013:
Nice cruce bro, but I don't see where they list "cruce" in the bug bounties. Maybe darkb0t can explain to us.
akkiliON, posted September 1, 2013:
I just made a video now. I will upload the video when the bug is fixed.
iuly1997, posted September 2, 2013:
Bravo akillon, any reward?
FarSe, posted September 2, 2013:
With 4k dollars you get yourself a nice little car and with 1k you cover what it consumes. You take a trip around the whole country. Good job.
akkiliON, posted September 2, 2013:
> Bravo akillon, any reward?
I haven't received a reply yet. But it's not $5000 .... my mistake. From what I see, since they raised the prices, two sites have been removed from Other highly sensitive services [1]. At most I could receive $3,133.7. That's good enough too.
akkiliON, posted September 3, 2013:
Fuck their Bug Bounty and everything. Now I see that the XSS no longer works. They fixed the vulnerability and I haven't received a reply.
// Sorry for the double post.
dekeeu, posted September 3, 2013:
> Fuck their Bug Bounty and everything. Now I see that the XSS no longer works. They fixed the vulnerability and I haven't received a reply.
> // Sorry for the double post.
They did the same with me. First they fixed it and then they gave me the money. So, chill.