Killing a bounty program, Twice (HITB 2012 Slides) by Nir Goldshlager, Itzhak (Zuk)
1. Google Picnik File Inclusion (Shell on Google server), The Picnik is Over!
2. Google Affiliate Network, Hijack any user account by permission vulnerability
3. XSS in blogger.com
PoC Videos:
Google Books DOM XSS:
Google Calendar Stored XSS:
Google Analytics, Cool Stored XSS:
Google Friend Connect Stored XSS:
Google Knol, Access to private docs using Google Knol Translator Tool:
Google Feedburner Stored XSS:
To Be Continued ;) Enjoy....
1 comment:
You guys are great, any suggestion for a book on web application security?