I recently found a pretty simple one on https://accounts.google.com/, which is a... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

reginaldo on Dec 30, 2012 | parent | context | favorite | on: How I got a $3,500 USD Facebook Bug Bounty

I recently found a pretty simple one on https://accounts.google.com/, which is arguably Google's most valued domain. I believe XSS is the most common vulnerability these days. One doesn't even have to be able to inject javascript per se. Only a CSS style is enough in many cases.

TomAnthony on Dec 30, 2012 [–]

The bounty for that page is ~$10k or such, no? Did you get anything?

reginaldo on Dec 31, 2012 | [–]

Actually it is $3133.7 (eleet). I got it, of course. The security team at Google is, simply put, awesome.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact