Sunday, November 29, 2015

Stored XSS in Google Docs (Bug Bounty)

I found a Stored Cross-Site Scripting vulnerability in Google Docs (https://docs.google.com). The XSS was pretty simple and at first I was not expecting a reward. The vulnerability lies within the main Google Docs interface (creating a document). To reproduce, create an HTML file embedded with the payload. Then save it as HTML and open it. Drag and drop the produced XSS vector into Google Docs and the XSS will pop. The vulnerability was fixed by Google within a week (pretty fast). I also received a bounty and was listed in their Hall of Fame. I got the "Elite (31337/eleet)" reward.


Image POC: 






Video POC: 






Timeline:

November 4 ----- Reported
November 5 ----- Report was Triaged
November 6 ----- A bug was filed according to Michael J. (Google Security Team)
November 12 ---- Rewarded by Google Security Team

 
Reward:

$3,133.7 

