Hello friends, today I will show you how I got a Google XSS vulnerability. When I was searching in the Google support section, I thought maybe I should try finding XSS here, so I started trying. First, as usual, I put my name in the search box: "bhati"
And I found that it was reflected back in the source code properly, so I decided to try my luck; I was hoping for the best for this XSS. Actually, I always put <xss>""() in, to analyze which word is filtered out, and when the response came back I was feeling like a boss, because there was no filtration or sanitization applied. Then I tried to input payloads, as you know.
So finally the payload is: <script>alert("ss")</script>
Then finally the Google XSS appeared.
I reported it to Google, and then after 6 hours I got a reply from them: "Nice Catch". They promised to reward me with $500 for this finding, and they put my name on their hall of fame page.
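The missing output encoding described in this post can be caught with a regression check on the rendering code. The following is an added example, not code from the original post or from Google; the page templates and the names renderUnsafe, renderEscaped and reflectedRaw are hypothetical. It reflects the post's analysis string through a page with and without HTML encoding and reports which metacharacters come back raw.

```javascript
// Added example; every function name and template here is hypothetical.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const PROBE = '<xss>""()';   // the analysis string quoted in the post
const MARKER = "zqx7";       // constructed marker used to locate each reflection

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// "Before": the search term is concatenated into the page unchanged.
function renderUnsafe(query) {
  return '<h1>Results for ' + query + '</h1><input name="q" value="' + query + '">';
}

// "After": the same template with every interpolation HTML-encoded.
function renderEscaped(query) {
  const q = escapeHtml(query);
  return '<h1>Results for ' + q + '</h1><input name="q" value="' + q + '">';
}

// Return the metacharacters of `probe` that appear unencoded in any reflection.
function reflectedRaw(render, probe) {
  // Splitting on the marker leaves each reflected copy at an odd index.
  const parts = render(MARKER + probe + MARKER).split(MARKER);
  const reflections = parts.filter((_, i) => i % 2 === 1);
  return ["<", ">", '"', "'"].filter(
    (ch) => probe.includes(ch) && reflections.some((r) => r.includes(ch))
  );
}

console.log("unsafe :", reflectedRaw(renderUnsafe, PROBE));
console.log("escaped:", reflectedRaw(renderEscaped, PROBE));
```

An empty result for a renderer is the pass condition; any character listed reached the page without encoding.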


