One fine night when I was editing my Blogger Account I found an awkward behavior
This caught my eye and upon digging a bit ....BOOM
Now , Lets change this "continue"'s value = https://www.google.com
and it redirects to https://www.google.com
Lemme try something else "data:text/html;base64,......
AND......BOOM
Snapshots :
Anyways i wasn't rewarded a penny :( because of Browser Issue (nothing new with Google) and Same Origin Policy and some typical requirements and the list goes onn and on
Thanks to Google Security Team for fixing in the bug in matter of days and Listing me in Hall Of Fame
This caught my eye and upon digging a bit ....BOOM
POC :
The vulnerable link was : https://www.blogger.com/switch-profile.g?switchProfileSource=3&continue=/home
The vulnerable link was : https://www.blogger.com/switch-profile.g?switchProfileSource=3&continue=/home
Now , Lets change this "continue"'s value = https://www.google.com
and it redirects to https://www.google.com
Lemme try something else "data:text/html;base64,......
AND......BOOM
Snapshots :
Anyways i wasn't rewarded a penny :( because of Browser Issue (nothing new with Google) and Same Origin Policy and some typical requirements and the list goes onn and on
Thanks to Google Security Team for fixing in the bug in matter of days and Listing me in Hall Of Fame