Thank You Google VRP

Hey Everyone :) , I really hope you are doing good . This post is about Google VRP. Before starting to write anything , I would like to thank Google for starting its Vulnerability Reward Program (VRP) and another thanks to Google Security Team for being so nice and responsible.
Last year , I met Google Security Team during NullCon Conference at Goa . It was so amazing to meet them . Below is the one of the many pictures .
Picture credits: Thanks to veer Hemant Bansal :)

Exploiting Google Clickjacking Vulnerability to steal user cookies

Bug Type: Clickjacking Vulnerability
Browser: Android Browser
Vulnerable Module: Google Talkgadget / Hangouts
Url :
Vulnerable Browser/users: Android < 4.4
Status :Fixed .

Hello world :) , I really hope you guys are doing great . Its been a long time , i could not post stuff . This post is about a clickjacking vulnerablity i found ....

Exploiting the end user | Cross Site Scripting via svg files

As i am proceeding with my masters study(M.Tech) in computer science , the broad research topic i will be researching upon is Web Application Security . Under that broad area the specific research i have selected is , What are the various ways to exploit the end user means the client side . So i will be focussing on exploiting via daily life objects of virtual world which we use every time like images , videos , docs etc. Wish me luck with that :)
Coming on the point , I was reading the ....

Youtube Editor Stored | DOM Based and Self Executed XSS Vulnerability

Bug Type: Stored | DOM Based and Self Executed XSS Vulnerability
Browser: Chrome, Mozilla , IE etc
Vulnerable Module: Youtube Editor :
Status :Fixed .

Detailed WriteUp: Hey all :) I sent this XSS vulnerability report to Google in October last year. The vulnerability existed in the Youtube Video Editor Module. When you go to the images tab on this editor page.There is a feature to ....

Google Webmaster Markup Helper Framed Application XSS

Bug Type: Stored XSS Vulnerability
Browser: Internet Explorer 7 or less
Vulnerable Module: Markup Helper :
Status :Wont Fix .

Detailed WriteUp: Hey all :) Back in December 2014 I reported a Cross Site Scripting vulnerability to Google Security . Google webmaster has a module of Structured Data Markup Helper which takes a website URL as a input and render it afte ....