Full Disclosure mailing list archives
Re: google plus vuln to XSS
From: Jad Boutros <jad007 () gmail com>
Date: Thu, 30 Jun 2011 22:07:41 -0700
Hi Pathric,

We've taken a closer look and haven't been able to replicate the bug. The PoC URL appears malformed and/or incomplete. Feel free to contact us directly via security () google com if you'd like to clarify.

Also, don't forget that bugs that are privately reported under the vulnerability reward program are eligible for a cash reward! (http://www.google.com/about/corporate/company/rewardprogram.html)

--
Jad Boutros | Software Engineer - Security Team | jad () google com

On Thu, Jun 30, 2011 at 10:15 AM, pathric due <bugybu () gmail com> wrote:
I've found that the Google Plus application has a parameter that's vulnerable to XSS

https://plus.google.com/up/start/?sw=1&type=st?p=XSS

vuln parameter http://din.gy./xLSlj

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/