Posts

Showing posts with the label Google

Send request to Martians. Earthlings are already your friends.

Image
Hello everyone,

I'm back with another write up. This time it's a Google bug. YouTube is Google's video sharing site and a great place to explore. As a bug hunter, you can spend hours or days or even weeks in YouTube without hesitation.I always used YouTube to play some music when I worked as a developer last year.

When I started bug hunting, I tried YouTube multiple times and can't find any. Then I started hunting on another google services.

After hunting for more than 2 hours, I found a bug on one of Google's acquisition. According to Google, a video PoC is required only if it is contributing something that the text can't. But I'm a great fan of videos and my first bug to google (duplicate) contained a 15min video 😎.

I recorded a video of that bug I found and visited YouTube to upload it. when I clicked upload button, I noticed something strange aside it, something new. It looked like a message button.




But then, the upload page has loaded suddenly and the butt…

Hands On training | Google XSS Game

Image
Hello everyone,

In a previous post, I talked about XSS aka Cross Site Scripting. Hope you all got a basic knowledge now. In this post, I am giving you more information on XSS with a hands on training on the Google XSS Game. You can find a video on how to solve this at the bottom of the page.

At first, Google XSS Game is a training platform provided by google to practice XSS. It consist of 6 levels and in each level, you have to execute a JavaScript alert in order to advance to next level. In each level, you'll be provided with different problems and you've to execute the alert using different techniques in each level. This will help you to understand various methods than can be used to execute XSS in a web page.

There are hundreds of such websites available which allow you to practice various types of vulnerabilities.





So let's get started.

Navigate to https://xss-game.appspot.com. This is where the Google XSS Game is available.

You'll see a page like this




Click the but…