Google APIs Clickjacking ($1337)

Hi everyone,

Today I want to tell how I got $1337 from the Google bug bounty program. I looked for security vulns on many Google subdomains, but I did not find any.

I tried searching with a Google dork for open redirects. At that time I didn't know that Google does not pay for open redirects (note: if you want to find vulns, you need to read the program rules first).

I used this Google dork:

site:*.google.com inurl:href=http

I found some URLs. I tried to embed each URL in an iframe because I had seen a clickjacking writeup on Facebook.

<iframe width=500 height=500 src="https://apis.google.com/_/widget/render/page?usegapi=1&href=https://plus.google.com/[here google plus id ]"></iframe>

But I got a 404 error page. I didn't know what to do to get the web page's UI. I refreshed the page. Boom!! I got the Google+ profile page.
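What makes a page embeddable like this is the absence of an anti-framing policy on the response. The Python below is an added example, not code from this post or from Google: it models how a browser evaluates X-Frame-Options and CSP frame-ancestors so a defender can audit captured response headers; the sample header sets and origins are constructed placeholders.

```python
from fnmatch import fnmatch
from urllib.parse import urlsplit

def _csp_directive(csp, name):
    # Return the source list of a CSP directive, or None if it is absent.
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == name:
            return parts[1:]
    return None

def _source_matches(source, framer, page):
    # Match one frame-ancestors source expression against the framing origin.
    s = source.strip("'").lower()
    if s == "self":
        return framer == page
    if s == "none":
        return False
    if s.endswith(":") and "/" not in s:  # bare scheme such as https:
        return urlsplit(framer).scheme == s[:-1]
    if "://" not in s:  # host expression without a scheme
        s = urlsplit(framer).scheme + "://" + s
    return fnmatch(framer, s)  # handles wildcard hosts such as *.example.com

def framing_allowed(headers, page_origin, framer_origin):
    """True if a browser would render page_origin inside a frame on framer_origin."""
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = page_origin.lower(), framer_origin.lower()
    # CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
    ancestors = _csp_directive(h.get("content-security-policy", ""), "frame-ancestors")
    if ancestors is not None:
        return any(_source_matches(s, framer, page) for s in ancestors)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer == page
    # No policy, or a value browsers ignore (e.g. the obsolete ALLOW-FROM): frameable.
    return True

# Constructed sample responses; the origins are placeholders, not real endpoints.
SAMPLES = {
    "no-headers": {},
    "deny": {"X-Frame-Options": "DENY"},
    "csp-self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
}

def clickjackable(samples, page="https://widget.example", framer="https://attacker.example"):
    # Names of the responses a third-party origin could embed in an iframe.
    return [name for name, hdrs in samples.items() if framing_allowed(hdrs, page, framer)]
```

Only the response with neither header ends up in the frameable list; the fix on the server side is to send `frame-ancestors` (with `X-Frame-Options` as a fallback for older browsers).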

I was so happy.

The reason for the 404 is that the whole UI is going down (planned shutdown of Google+ - https://www.blog.google/technology/safety-security/expediting-changes-google-plus/ ).

I reported it to Google and Google VRP accepted my report. They paid me $1337.

Google HOF : https://bughunter.withgoogle.com/profile/40b3c633-09ea-476e-b09f-ec00237029c3