Wednesday, June 13, 2012


Killing a bounty program, Twice (HITB 2012 Slides) by Nir Goldshlager, Itzhak (Zuk)


1.

Google Picnik File Inclusion (Shell on Google server), The Picnik is Over!

2.

Google Affliate Network, Hijack any user account by permission vulnerability,

3.

XSS in blogger.com


PoC Videos:


Google Books DOM XSS:






Google Calender Stored XSS: 







Google Analytics, Cool Stored XSS: 








Google Friend Connect Stored XSS: 








Google Knol, Access to privates docs using Google Knol Translator Tool: 








Google Feedburner Stored XSS:




 




To Be Continue ;) Enjoy....

1 comments:

Danijel said...

You guys are great , any suggestion for I book on web application security.2

Post a Comment