I’m rioncool22, based on North Sumatera, Indonesia
Entering the Google Hall of Fame is one of my dreams. A lot of my time was spent looking for vulnerabilities on Google, but it didn’t work out. Until one day I received a notification from XSSHunter that my payload was executed on the googleplex.com subdomain :D.
To look for this vulnerability, I used Google Dorking to make the search easier.
Dork : site:support.google.com inurl:/contact/
If you searching with this dork, You will find lots of contact forms.
After some searching, i found this link https://support.google.com/cloud/contact/prod_issue 😀
Fill XSSHunter Payload in the name and get executed in Google Admin Panel
Step To Reproduce :
1. Open this link https://support.google.com/cloud/contact/prod_issue
2. Fill Subject, Full Description, and Affected product with XSS hunter Payload
3. XSS will be executed in googleplex.com subdomain 😀
Tips : You can upgrade the dork with another word, like “fill out this form” to find more contact forms 😀
Timeline :
- 26 Feb 2020 : Submit Report To Google VRP
- 27 Feb 2020 : First Respond From Google VRP
- 28 Feb 2020 : Nice catch!!!
- 25 Mar 2020 : Bounty Awarded $3133.70
- 11 Mar 2021 : Public Disclosure
Get in touch with me on :
- Hackerone : Click Here
- Twitter : Click Here
- Hall Of Fame : Click Here