My fist Google Hall of Fame

> Published On September 26, 2016

> By severus

ThaiDN asked me “Did you have any Google’s bug ?”. I replied “Oh, I have no any bug of Google…”.

I found domain and some sub domain such as: logging, auth, chef… All of them will be redirected to When I enter, it’s redirected to It seems to be open redirect problem if I can stripped

I try and then I follow url to It’s vulnerable. Because it always returns 302, then I can only set cookie for sub domain…

Some other domains have the same problem. I submitted and asked Google “Did it have the same root cause ?”. Martin from Google confirmed it has same root cause and duplicated with previous report. Nice answer.

I contacted Google and received response quickly. The problem’s fixed now.

Thank you Google for Hall of Fame.

Credit: HoangDoan for non-technical advise.

  • Motivation: some guys call me a loser when I have no bachelor’s degree

Tags: bug bounty security google


comments powered by Disqus

© 2018 - Security Researchers Team. All rights reserved
Built using Jekyll