Thursday, April 21, 2016

Google PoC (2016)


Hello Guys!!!

It's been a long time since I updated my blog. Actually, I was a bit busy learning mobile platform pentesting, and there is one more reason I don't wanna update my blog.

But let it be, let's start.

So today I'm gonna share one of my Google PoCs, which I have just found in Google. Actually, in YouTube.

[+] Vulnerable Domain : https://gadgets.youtube.com/
[+] Status : Patched

So, in the morning I was just thinking, it's been a long time since I pentested Google Inc., as I always used to pentest Facebook and its domains.

I started gathering some common information using Google Hacking (I mean to say Google Dorks). There I found a domain named gadgets.youtube.com.

And due to experience and its UI, I thought there could be a bug there, so let's try.

I opened the website and set up Burp with my Chrome browser.

My Burp intercepted approx. 4-5 requests. Suddenly, in one of the requests, I found something juicy, i.e. I was able to see my Google account credentials in clear text in the request.

I reported it to Google immediately, and within 2 days they replied, "the bug is being triaged and nice catch bla bla".

After some days, I got the HoF and a good bounty reward from Google.


And here is my Google HoF.

