[Google VRP] How I Got Blind XSS At Google With Dork (First Bounty and HOF)

I’m rioncool22, based in North Sumatera, Indonesia.

Entering the Google Hall of Fame is one of my dreams. A lot of my time was spent looking for vulnerabilities on Google, but it didn’t work out. Until one day I received a notification from XSSHunter that my payload was executed on the googleplex.com subdomain :D.

To look for this vulnerability, I used Google Dorking to make the search easier.

Dork : site:support.google.com inurl:/contact/ 

If you search with this dork, you will find lots of contact forms.

After some searching, I found this link https://support.google.com/cloud/contact/prod_issue 😀

Fill the XSSHunter payload into the name and it gets executed in the Google Admin Panel.

Steps To Reproduce :
1. Open this link https://support.google.com/cloud/contact/prod_issue
2. Fill Subject, Full Description, and Affected product with the XSSHunter payload
3. XSS will be executed in googleplex.com subdomain 😀
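
Blind XSS of this kind happens when the internal tool that staff use to read a submission prints the form fields into its page without encoding them. The sketch below is an added example, not code from this post or from Google: the ticket viewer, its function names and the sample submission are hypothetical, and it shows the unencoded rendering next to the encoded one plus a simple check on the output.

```javascript
// Added example: hypothetical back-office ticket viewer (not Google's code).
// Field names mirror the contact form fields named in the steps above.

// Constructed sample submission; the subject carries a harmless markup marker.
const sampleTicket = {
  subject: '"><script>/* constructed marker */</script>',
  description: 'Instance <b>down</b> since 09:00 & still failing',
  product: "Compute 'Engine'",
};

// Unsafe: interpolates submitter-controlled strings straight into HTML,
// so any markup typed into the form runs in the reviewer's browser session.
function renderTicketUnsafe(t) {
  return `<h1>${t.subject}</h1><p>${t.description}</p>` +
         `<span title="${t.product}">${t.product}</span>`;
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can leave HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: every field is encoded at output time, in the tool that displays it.
function renderTicketSafe(t) {
  const s = escapeHtml(t.subject);
  const d = escapeHtml(t.description);
  const p = escapeHtml(t.product);
  return `<h1>${s}</h1><p>${d}</p><span title="${p}">${p}</span>`;
}

// Review-time check: strip the template's own tags, then look for any tag left over.
function containsInjectedTag(html) {
  const withoutTemplate = html.replace(/<\/?(h1|p|span)( title="[^"]*")?>/g, '');
  return /<[a-z!\/]/i.test(withoutTemplate);
}

console.log('unsafe output has injected tag:', containsInjectedTag(renderTicketUnsafe(sampleTicket)));
console.log('safe output has injected tag:  ', containsInjectedTag(renderTicketSafe(sampleTicket)));
```

Encoding belongs in the viewer because the same submission may be displayed by several internal tools, each with its own output context.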

Tips : You can upgrade the dork with another word, like “fill out this form” to find more contact forms 😀

Timeline :

  • 26 Feb 2020 : Submit Report To Google VRP
  • 27 Feb 2020 : First Response From Google VRP
  • 28 Feb 2020 : Nice catch!!!
  • 25 Mar 2020 : Bounty Awarded $3133.70
  • 11 Mar 2021 : Public Disclosure
