akkiliON (Active Members), posted September 1, 2013, edited September 3, 2013 by akkiliON

# Exploit: *.Google.com - Cross-Site-Scripting Reflected
# Author: akkiliON
# URL Link: https://Google.com
# Status: Submitted
# PoC: I will come back with a video when it is fixed.

Darkb0t, posted September 1, 2013

huum, very interesting, congrats, reflected in the browser Chrome.
Were you logged in?

akkiliON (Author, Active Members), posted September 1, 2013

Yep, you can see my name in the right corner! I will come back with a video when it is fixed.
// Works on: Firefox Mozilla, Google Chrome, Safari, Opera, etc.

dekeeu, posted September 1, 2013

Bravo! Is it a 3k or a 5k one?

akkiliON (Author, Active Members), posted September 1, 2013

> Bravo! Is it a 3k or a 5k one?

It is in one of their important applications, which falls under the $5000 category.

tpad, posted September 1, 2013

Now hope it isn't a dup.

wildchild, posted September 1, 2013

You forgot to censor your name.

akkiliON (Author, Active Members), posted September 1, 2013, edited May 10, 2014 by akkiliON

> You forgot to censor your name.

No stress.

Darkb0t, posted September 1, 2013

hmm, I'm interested, I have some SQL INJECTION GOOGLE, I do not know more powder may enter the program rewards google
proof: View image: sqlinjection google
have a message box, since I typed cookiesinjection, then a dialog appeared, I think cookies, but I do not think I can do again, maybe I'm using the wrong parameter, I think google maps has no rewards AKKILION;

akkiliON (Author, Active Members), posted September 1, 2013

> hmm, I'm interested, I have some SQL INJECTION GOOGLE, I do not know more powder may enter the program rewards google
> proof: View image: sqlinjection google
> have a message box, since I typed cookiesinjection, then a dialog appeared, I think cookies, but I do not think I can do again, maybe I'm using the wrong parameter, I think google maps has no rewards AKKILION;

^ You're funny!

dekeeu, posted September 1, 2013

> hmm, I'm interested, I have some SQL INJECTION GOOGLE, I do not know more powder may enter the program rewards google
> proof: View image: sqlinjection google
> have a message box, since I typed cookiesinjection, then a dialog appeared, I think cookies, but I do not think I can do again, maybe I'm using the wrong parameter, I think google maps has no rewards AKKILION;

Haha, listen to that, SQLi in Google. Someone else showed up at some point bragging that he had broken into Google's database with Havij.
What you found there is no SQLi, it's just a display bug (there is a parameter in the link called `output` whose default value is `js`, but you probably changed the value and that box appeared).

Darkb0t, posted September 1, 2013

lol, you made me laugh,

Darkb0t, posted September 1, 2013

> Haha, listen to that, SQLi in Google. Someone else showed up at some point bragging that he had broken into Google's database with Havij.
> What you found there is no SQLi, it's just a display bug (there is a parameter in the link called `output` whose default value is `js`, but you probably changed the value and that box appeared).

well, it seems that you understand
I used Webscanner and appeared several sql google xd
look at this link: https://books.google.com/local?err=1^source=s_d&saddr=&daddr=&f=q&source=s_q&output=js&hl=en&geocode=%20&abauth=51f1d3aeLSQzxdG_MVmBQfyVtK-Ji9AUe8o&f=%20 [GOOGLE]
I found it interesting

akkiliON (Author, Active Members), posted September 1, 2013

> Darkb0t, I hope you get banned as soon as possible for double-posting and for idiocy.
> As for akillion, congratulations.

Thank you. I'll be on the forum later this evening.

dekeeu, posted September 1, 2013

> well, it seems that you understand
> I used Webscanner and appeared several sql google xd
> look at this link: https://books.google.com/local?err=1^source=s_d&saddr=&daddr=&f=q&source=s_q&output=js&hl=en&geocode=%20&abauth=51f1d3aeLSQzxdG_MVmBQfyVtK-Ji9AUe8o&f=%20 [GOOGLE]
> I found it interesting

Use BRAIN-scanner and probably you will have more success!

lukas.luci19, posted September 1, 2013

Tell us too, akkiliON, if you want, how much money the people at Google give you for what you found! I'm really curious.

SilenTx0, posted September 1, 2013

Is this the XSS that I know about?

akkiliON (Author, Active Members), posted September 1, 2013

> Is this the XSS that I know about?

Yep.

a1234, posted September 1, 2013

Nice cruce bro, but I don't see where they list "cruce" in the bug bounties.
Maybe darkb0t can explain to us.

akkiliON (Author, Active Members), posted September 1, 2013

I just made a video now. I will upload the video when the bug is fixed.

iuly1997, posted September 2, 2013

Bravo akillon, any reward?

FarSe, posted September 2, 2013

With 4k dollars you buy yourself a nice little car and with 1k you pay for the fuel. You take a trip around the whole country.
Good job.

akkiliON (Author, Active Members), posted September 2, 2013

> Bravo akillon, any reward?

I haven't received a reply yet. But it isn't a $5000 one .... my mistake. From what I see, since they raised the amounts, two sites have been removed from Other highly sensitive services [1]. At most I could get $3,133.7. That is good too.

akkiliON (Author, Active Members), posted September 3, 2013

Fuck their Bug Bounty and all.
Now I see that the XSS no longer works. They fixed the vulnerability and I haven't received a reply.
// Sorry for the double post.

dekeeu, posted September 3, 2013

> Fuck their Bug Bounty and all.
> Now I see that the XSS no longer works. They fixed the vulnerability and I haven't received a reply.
> // Sorry for the double post.

They did the same with me. First they fixed it and then they gave me the money. So, chill.