Hi Pathric,

We've taken a closer look and haven't been able to replicate the bug. The PoC URL appears malformed and/or incomplete.

Feel free to contact us directly via [email protected] if you'd like to clarify. Also, don't forget that bugs that are privately reported under the vulnerability reward program are eligible for a cash reward! (http://www.google.com/about/corporate/company/rewardprogram.html)

--
Jad Boutros | Software Engineer - Security Team | [email protected]

On Thu, Jun 30, 2011 at 10:15 AM, pathric due <[email protected]> wrote:
> I've found that google plus application has a parameter that's vulnerable
> to XSS
> https://plus.google.com/up/start/?sw=1&type=st?p=XSS vuln parameter
>
> http://din.gy./xLSlj
> http://din.gy./xLSlj
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
