[Bug Bounty] Open Redirect to XSS in Google

Hi there,

Few month ago i found a vulnerability in Google (Apigee Corp) which is acquired by Google in a deal worth $625 million in 2016. I was able to make open redirect lead to XSS as you know google did not use to accept open redirect.


  • apigee.com

While testing Apigee i found that stage parameter was redirecting to other websites. When i reported Team Google they rejected. I tried everything to redirect it to JavaScript eg – JavaScript pseudo.  All fail unless i tried data base64 redirect system.

Not xss 😛 Lead


popup xss :p


All impacts which normal xss can do.

Thanks for reading. Follow us on twitter @spidersec

Related posts