Google AdWords 3133.7$ Stored XSS
Welcome, my brothers and friends.
I would love to thank you for your support and wish success to all.
There was a dream called Google and its HOF without thinking about reward or anything else.
This vulnerability was the easiest vulnerability and the most rewarded vulnerability so far.
On 17/02/2018 I posted a post on Facebook.
Because I always choose my target and do not go to another without ending it completely.
My work as a lawyer also takes all my time and I only have 6 hours daily to do my hobby.
On 08/03/2018, while browsing my Gmail, I clicked on "Even more from Google". You will find it in the upper right side.
After browsing the entire page I chose my target, which is Google AdWords.
I logged in and started the test and moved from one page to another, and in fact I
was playing and didn't expect to find anything.
I added many payloads hoping that the magic alert would appear.
I went to this page:-
I added a new conversation and in the conversation name I put this payload.
After adding the payload it popped up many times and I thought it might be a
self-XSS, so I clicked on "prevent this message" to continue and complete it.
After completion I clicked on Save Conversation.
And the payload didn't pop up any more because I chose to prevent the XSS alert.
I copied the entire URL and pasted it into the browser in a new tab, and this time I was shocked.
The payload was stored on the page and worked on all the latest versions of browsers.
And it worked on Firefox on Windows.
I made a cup of coffee and lit a cigarette and wrote the report, and I made a
video to explain the vulnerability and reported it to Google and waited for the
reply, hoping it would not be a duplicate.
I received a message from Google accepting the vulnerability
and "nice catch" (I loved it).
A very easy vulnerability, and I got a good bounty from the Google Vulnerability Reward Program and HOF.
Finally my name was added to the Google HOF.
08/03/2018 I found the vulnerability and sent an email to Google
08/03/2018 Got an automatic reply confirming they've received my message
08/03/2018 I received a message from Google accepting the vulnerability
08/03/2018 I received a message from Google: nice catch (I loved it)
20/03/2018 Closed the report and changed the status to Resolved
20/03/2018 Rewarded $ 3133.7 for Stored XSS in Google AdWords
I would love to thank you all for your patience in reading my write-up and for
your continued support.
I'm very happy to unlock this achievement, and my goal for this year is perfect so far.
Sorry for my bad English, but I just wanted to share this with you as I always do.
The POC video, hope you will like it: