XSS on Google Custom Search Engine

Product Affected: https://cse.google.com Vulnerability: XSS (Stored with user interaction) Every bug that ever reported have some realized or unrealized inspirations. It can be a person, bounty, write-up or anything. In my case the inspiration was Google Vulnerability Research Grant that was rewarded to me prior to BountyCon 2019. I started looking for subdomain and landed... Continue Reading →

Journey through Google referer leakage bugs.

Hi there, This write-up is a walk-through to the misconfiguration which leaks sensitive URL through referer header.This affected various Google products and has been fixed now. Generally, Google have a feature to share documents through "shareable links". Which means you can generate an unique link for your project or document and share it. The person... Continue Reading →

DOM XSS in Facebook Mobile Site(app-login)

I was recently targeting adobe website for any vulnerabilities.I came to know that they were using (facebook/gmail) login to sign in instantly.when i clicked the ‘signin with facebook’,Facebook app login page was loaded.I just checked the url and saw there was a ‘cancel_url’ parameter,Which holds the url to which it redirects if the user choose... Continue Reading →

Facebook Email Takeover POC

This is a security vulnerablity i've found on facebook, however they have claimed this to be duplicate, even though i was the first and second reporter. (Both tickets were mine, and I proved it but they've then told this does not qualify LOL) - They have anyway did some changes in the DMARC policy that... Continue Reading →

Create a website or blog at WordPress.com

Up ↑