How To Download Paid Chrome Extensions, Apps and Themes For Free andrey суббота, 24 мая 2014 г. No Comment

This post is regarding to the bug that I found in chrome web store that allows us to download and use any paid chrome extension/app/theme for free. I reported this bug to Google Security team but they refused to consider the bug report saying that the Duplicate reports aren't eligible for the VRP.

Given below is the video tutorial that shows how we can exploit the bug to Download Paid Extensions for free.

This was the email that I received from Google security team.

Hello,
Thanks for the reporting this issue. We appreciate you taking the time to help us improve security.
We've taken a look and can confirm that this is a duplicate of an existing bug that we're already tracking. Unfortunately, this excludes the report from our reward program -- duplicate submissions don't qualify for reward or credit.
Best of luck in your future bug hunting.
Regards,

This bug still exists and it is not yet fixed even after 2 weeks after reporting the bug.

contact me using my Contact form. I hope Google security team will fix the bug as soon as possible. You can also contact me using my email address mr.dinesh.bhosale@gmail.com

Feel free to read about my other bug reports

• Chrome web store bug that allows you to download paid chrome extensions
• Lock your friend's accounts on Facebook

vulnerability is still not patched, video shows exploitation:

This post is regarding to the bug that I found in chrome web store that allows us to download and use any paid chrome extension/app/theme for free. I reported this bug to Google Security team but they refused to consider the bug report saying that the Duplicate reports aren't eligible for the VRP.

Given below is the video tutorial that shows how we can exploit the bug to Download Paid Extensions for free.

This was the email that I received from Google security team.

Hello,
Thanks for the reporting this issue. We appreciate you taking the time to help us improve security.
We've taken a look and can confirm that this is a duplicate of an existing bug that we're already tracking. Unfortunately, this excludes the report from our reward program -- duplicate submissions don't qualify for reward or credit.
Best of luck in your future bug hunting.
Regards,

This bug still exists and it is not yet fixed even after 2 weeks after reporting the bug.

contact me using my Contact form. I hope Google security team will fix the bug as soon as possible. You can also contact me using my email address mr.dinesh.bhosale@gmail.com

Feel free to read about my other bug reports

• Chrome web store bug that allows you to download paid chrome extensions
• Lock your friend's accounts on Facebook

vulnerability is still not patched, video shows exploitation:

Tweet

by Jillur Rahman

Jillur Rahman is a Web designers. He enjoys to make blogger templates. He always try to make modern and 3D looking Templates. You can by his templates from Themeforest.

Follow him @ Twitter | Facebook | Google Plus

Tags: Без рубрики