Blog

Stored XSS in Google Doubleclick Studio [Google Research Grant]

This bug was reported under a Google Research Grant. I received a $500 research grant from Google in November 2020 and decided on DoubleClick Studio as the target. Type: Stored XSS. URL: https://www.google.com/doubleclick/studio/#creatives: The XSS bug executes under a sandbox domain, hence it was not eligible for a reward. Reproduction Steps: Create an HTML file with the following vector : Now go to https://www.google.com/doubleclick/studio/#creative: and…


cPanel UI & Permission bug leads to source code dump of millions of sites

Vulnerability Details: Type: UI and Permissions Issue. Vulnerable Module: cPanel File Manager Compress. Details & Impact: cPanel File Manager has File/Directory Compression functionality. This function is vulnerable to a critical security issue. Basically, any normal cPanel user, while taking file backups, selects all the files and hits compress. Now the file name is automatically named as the first folder of the directory (e.g. .well-known) and…


CSRF bug to access private reports to Google VRP

Summary: The specified URL is vulnerable to CSRF. The request to this URL contains an XSRF token, but it is not validated at the server end, causing the private reports data to be accessed. This bug requires social engineering to be exploited. CSRF Vulnerable URL: https://bughunter.withgoogle.com:443/api/reports Prerequisites: The victim must be logged in to bughunter.withgoogle.com. The attacker needs to prepare a genuine-looking web page to build trust…


Thank You Google VRP

Hey Everyone 🙂, I really hope you are doing good. This post is about Google VRP. Before starting to write anything, I would like to thank Google for starting its Vulnerability Reward Program (VRP), and another thanks to the Google Security Team for being so nice and responsible. Last year, I met the Google Security Team during NullCon Conference at Goa. It…


Exploiting Clickjacking Vulnerability | Google

Bug Type: Clickjacking Vulnerability. Browser: Android Browser. Vulnerable Module: Google Talkgadget / Hangouts. URL: https://talkgadget.google.com Vulnerable Browser/users: Android < 4.4. Status: Fixed. Hello world 🙂, I really hope you guys are doing great. It's been a long time; I could not post stuff. This post is about a clickjacking vulnerability I found in one of the Google services, that is Google Hangouts. It…


Exploiting the end user | XSS via svg files

As I am proceeding with my master's study (M.Tech) in computer science, the broad research topic I will be researching is Web Application Security. Under that broad area, the specific research I have selected is: what are the various ways to exploit the end user, meaning the client side. So I will be focussing on exploiting via daily life objects of…


Youtube Editor XSS Vulnerability

Bug Type: Stored | DOM Based and Self Executed XSS Vulnerability. Browser: Chrome, Mozilla, IE, etc. Vulnerable Module: Youtube Editor: https://www.youtube.com/editor Status: Fixed. Detailed WriteUp: Hey all 🙂 I sent this XSS vulnerability report to Google in October last year. The vulnerability existed in the Youtube Video Editor Module. When you go to the images tab on this editor page. There is a feature to upload…
