Google Bug Bounty $3133 Writeup XSS Vulnerability

Bug Bounty
Bug Bounty

$3133.7 Google Bug Bounty Writeup XSS Vulnerability.

The vulnerability was found by Pethuraj, he is a security researcher from INDIA, and shared the write-up with us.

Google has acknowledge him and rewarded with $3133.7.

We hope the following write-up will help to new Bug hunters and researchers.

“This is one of my interesting writeup for the vulnerability I found on one of Google’s sub domains.

I started to test Google for vulnerabilities in the hope of earning some bounties and to register my name in their Google Bughunter Hall of Fame Security Researchers list!

Writeup:

I Used tools like Knock Subdomain Scan, Sublist3r and other recon tools to find the sub domains of Google.

google-subdomains finder

Using some recon tools, I gathered many subdomains and interestingly I visited https://tez.google.com/ (now Google Pay). I found some parameters on the URL containing referrer id’s passing some values.

I used the Google Dork to filter out the specific search operators containing in the sub domain.

site:tez.google.com inurl:referrer_id=

I got some of the referrer_id’s in the search result like below.

I tried all the possible ways to exploit the publicly visible referrer_id and my bad luck, I couldn’t find any!

Interestingly, I found the referrer_id’s getting reflected in the part of the web page.

To my luck, I tried popping an XSS and it is XSS!

xss on tez site

I reported this vulnerability to Google and as per Google Vulnerability Reward Program (VRP).

Soon after I report, Google triaged my report and asked me to wait for the bounty amount and Hall of Fame.

And after waiting for some days, I received a mail from Google Security Team that I’m rewarded with $3133.7 bounty as this is just a DOM based XSS.

As per Google’s VDP, my vulnerability report falls on the below mentioned category and so $3133.7 bounty.

Along with bounty, I’ve also been added to Google Hall of Fame! Ranked 253 among 800 other Security Researchers.

That’s it in this writeup!

To find all my Acknowledgements / Hall of Fames / Bug Bounty journey, Visit https://www.pethuraj.in

Stay tuned for more writeups.

Thank you”

HackersOnlineClub team is congratulate to Pethu. Best of luck for future bounties.

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Priyanshu Sahay

Oracle Linux 8 Released With TLS 1.3

Oracle Linux is a Linux distribution packaged and freely distributed by Oracle....
Read More

Leave a Reply