Reflected XSS in Google Sandbox domain

Reflected XSS in Google Sandbox domain – BugBountyPoc

Hello BugBountyPoc Viewers, my name is Florian Kunushevci, i’am an 16 years old ‘Security Researcher’ from Kosovo. Today i will share one of my old finding in google sandbox domain that how i found the Reflected xss in Google Sandbox Domain.Google Did not accept the bugs in Sandbox domain so I decide to share it with you all because it’s fun to know the method i used.

Reproduction Steps :

Creating the payload to execute:
1: Go to website jsbin.com
2: In the link put the Payload :  “><script>alert(document.domain)</script>
3: Execute it as Javascript and copy the link.
4: You will get like output.jsbin.com/$linkpayload$
——————-
Injecting at googletranslate:
1: Go to the https://translate.google.com/
2: Put the link u gain at the translate section./ output.jsbin.com/$linkpayload$
3: It will appear like (Blue Link) click on it and you will see an XSS Alert./

Screenshot : 

Reflected XSS in Google Sandbox domain

Reflected XSS in Google Sandbox domain

Hope you will learn something. Contact me on facebook if u have any questions: https://www.facebook.com/misteriozi.pirat.kwg

You may also like...

5 Responses

  1. Thanks designed for sharing such a nice opinion, article is fastidious, thats why
    i have read it entirely

  2. Vishal_Surelia says:

    use (document.location)

  3. Some truly interesting points you have written.Aided me a lot, just what I was searching for : D.

  1. April 12, 2016

    […] Read Also : Reflected XSS in Google Sandbox Domain […]

  2. February 15, 2017

    Look there for more:

    […]Nice blog here! Also your website a lot up fast![…]

Leave a Reply

Your email address will not be published. Required fields are marked *