Google Play - Cross Site Scripting (XSS) Vulnerability

Vulnerability Type: Cross Site Scripting (XSS)

  • Reported on 16 July 3013
  • Fixed on 17 July 2013

Details/Writeup-

Google recently changed it's design of Google Play which lead to this XSS vulnerability.

Head to Google Play settings (https://play.google.com/settings)

Change Nickname of your mobile to below XSS vector-

"><img src=x onerror=prompt(1);>

and click on Update.











Now, go to any application page.

The XSS vector will execute-



Google rewarded me with 5000$ for reporting this vulnerability.

3 comments

BEST & MOST WANTED
http://www.boombu.com - fitness you x
http://www.sextamina.com - sex xx
http://www.aceofbeauty.com - fat loss sexy
http://www.bestbuyx.com - sex xx
http://www.theorchidx.com - orchids orchidaceae phalaenopsis care
http://www.babxyz.com - dog food xx
http://www.babysolve.com - baby potty xx
http://www.suwandri.com - options trading xx
http://www.googleclickbank.com - forex fx xx
http://www.jelema.com - fat loss xx
http://www.bestbuygameguide.com -- betting money xx
mesothelioma master xx

Reply

Post a Comment