Google Pay CSRF vulnerability.
But I found it on the web application, where a user can request money from another user.
The HTTP request sent when a user requests money is as seen in the image:
It contains the HTTP header that contains the anti-CSRF token. I deleted the anti-CSRF token and sent the request.
After a few seconds, you get a mail from the victim that has requested money.
After I submitted the report, I got a reply within 24 hours.
Bounty $500
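A request that is still accepted after the anti-CSRF token is deleted is consistent with a server-side check that validates the token only when it is present (an assumption; the post does not show the server side). The following is an added example, not code from Google or from the original post: a flawed check beside a strict one, where the header name `X-CSRF-Token`, the session dict and the handler are all hypothetical.

```python
import hmac
import secrets

CSRF_HEADER = "X-CSRF-Token"  # hypothetical header name; the post does not name it


def issue_token(session: dict) -> str:
    """Bind a fresh random token to the server-side session."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def check_token_flawed(session: dict, headers: dict) -> bool:
    """Flawed: the token is validated only when the header is present."""
    sent = headers.get(CSRF_HEADER)
    if sent is None:
        return True  # a deleted header skips validation entirely
    return hmac.compare_digest(sent.encode(), session.get("csrf_token", "").encode())


def check_token_strict(session: dict, headers: dict) -> bool:
    """Strict: a missing or empty token on either side is a failure."""
    sent = headers.get(CSRF_HEADER)
    expected = session.get("csrf_token")
    if not sent or not expected:
        return False
    return hmac.compare_digest(sent.encode(), expected.encode())


def handle_money_request(session: dict, headers: dict, check) -> int:
    """Constructed handler: HTTP status for a state-changing request."""
    return 200 if check(session, headers) else 403


if __name__ == "__main__":
    session = {}
    token = issue_token(session)
    # Constructed sample requests: valid token, wrong token, header removed.
    cases = {
        "valid token": {CSRF_HEADER: token},
        "wrong token": {CSRF_HEADER: "not-the-token"},
        "header deleted": {},
    }
    for name, hdrs in cases.items():
        print(f"{name:15} flawed={handle_money_request(session, hdrs, check_token_flawed)}"
              f" strict={handle_money_request(session, hdrs, check_token_strict)}")
```

A regression test for this bug class should send each state-changing request with the token header absent, empty and wrong, and expect a rejection in all three cases.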