Hello Hackers, I’m Sokol Çavdarbasha, I’m 20 years old from Kosovo and welcome to my first story about a vulnerability that i found on Google Books.
Great. Now that we’re done with that, we can get to the real thing this article’s about.
One day I decided to hunt for vulnerabilities on Google.I was looking to find XSS (Cross Site Scripting) . So i start to digg into google.com and i was focused on Google Books.
So i thought why no to try here for XSS, and i type in search bar the following payload “><img src=x onerror=alert(1)>, and i got an book that another Security Researcher uploaded it to https://play.google.com
so i press the “Preview” button and the XSS gets triggered
the XSS triggered successfully, so i quickly report it to Google VRP Team at https://bughunters.google.com, and they responded quickly with a …
i was so happy that i got an “Nice catch” response from Google VRP Team with Priority P1 and Severity S1, and got rewarded $XXXX as this is my first valid bug that i reported to Google.
I hope that you enjoyed reading this article and sorry if there are things that are not clear.
Thanks for Reading : )
You Can Follow me on :