
Posts

Showing posts from 2017

Deleting & changing the notification for comments - Google Docs Clickjacking vulnerability

Bug discovered on: 1st May 2017. Research time: 10:30 a.m. - 11:00 a.m. The comments section of Google Docs is vulnerable to clickjacking. An attacker can make the victim: a. Change the comment notifications. b. Delete the comments. 29th May 2017: Bug reported. 2nd June 2017: Bug filed for panel's evaluation. 21st June 2017: $500 reward issued. Both bugs are fixed by disabling the Notifications and Delete options on comments.

Google Docs Google Keep Clickjacking Vulnerability - Deleting Notes

Bug discovered on: 1st May 2017. Research time: 10:30 a.m. to 11:00 a.m. Google Docs includes Google Keep for making notes. It is accessible through the Tools menu's Keep notepad option, which opens Google Keep on the right-hand side of the window. The notes could be deleted between clicks by tricking the user. May 1st 2017: Bug reported. May 2nd 2017: Bug triaged. May 5th 2017: Bug filed for panel's evaluation. May 12th 2017: $500 reward issued! The vulnerability is now fixed by removing the Delete and Add to document options if the document is embedded in any site, so that they work only in docs.google.com.

Google Docs $3133.7 Reward for data Leak.

Bug discovered on: 19th March 2017. Research time: 4:30 p.m. to 7:00 p.m. The security flaw in this post is a combination of the first two Google bugs that I posted on this blog. 4 months ago... I was actually trying to find the encrypted ID of the Google Drive file where all the form responses are recorded and bypass "Limit to 1 response". In the end, I couldn't find the ID and ended up with the other. The vulnerabilities are: 1.) Leaking of the ID of the file in Google Drive containing the form responses. 2.) Obtaining the email-id of the user with just 2 clicks. The vulnerabilities were tested on my test account. Here's how I found out... The below i

Google Open Source Blog Clickjacking Vulnerability

Missing X-Frame protection. Discovered on: 22nd January 2017. Research time: 10:00 p.m. to 12:00 a.m. If a web page has no X-Frame protection, it can be embedded in a frame on evil 😈 websites, and well-placed clicks can then make you do unintended actions like DELETING your comments. The attackers can place a few clickable elements on the page and make users perform sensitive actions. I was testing on Yahoo! for vulnerabilities on 21st January and thought to check for a clickjacking vulnerability if other attacks couldn't succeed. I was successful in finding a clickjacking vulnerability in one of the endpoints of finance.yahoo.com. I thought of submitting the bug to Yahoo!, but unfortunately this type of vulnerability was out of scope 😑. Later I thought of testing Google! because my rank was going down. It was around 10:00 p.m. I was just going through the Google Open Sou

Google form $$$ CSRF vulnerability

Bug discovered: 26th December 2016. Research time: 8:30 p.m. - 10:00 p.m. CSRF is an abbreviation for Cross-Site Request Forgery. Web applications issue anti-CSRF tokens when a user requests actions like submitting a form, so that the server can check that the request originates exclusively from that domain. This vulnerability comes into play when the server is not validating the anti-CSRF tokens; through this vulnerability you can make a user perform some actions even though he/she didn't intend to do that. I wrote HTML code for submitting the form. <html> <form action="[url]" target="_self" method="POST" id="[form-sp