Full Disclosure mailing list archives

Re: google plus vuln to XSS


From: Jad Boutros <jad007 () gmail com>
Date: Thu, 30 Jun 2011 22:07:41 -0700

Hi Pathric,

We've taken a closer look and haven't been able to replicate the bug. The
PoC URL appears malformed and/or incomplete.

Feel free to contact us directly via security () google com if you'd like to
clarify. Also, don't forget that bugs that are privately reported under the
vulnerability reward program are eligible for cash rewards! (
http://www.google.com/about/corporate/company/rewardprogram.html)

-- 
Jad Boutros | Software Engineer - Security Team | jad () google com


On Thu, Jun 30, 2011 at 10:15 AM, pathric due <bugybu () gmail com> wrote:

I've found that the Google Plus application has a parameter that's vulnerable
to XSS
https://plus.google.com/up/start/?sw=1&type=st?p=XSS vuln parameter

http://din.gy./xLSlj



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

