Seven days ago I reported to Google Security an XSS vulnerability I discovered in Google Image Search.
It's not very hard to find, but it's tricky to exploit!
I was looking for an image to set as my profile picture on HackerOne. I found the image I was looking for, opened it in a new tab, and something in the URL caught my attention.
The URL was "http://www.google.com.eg/imgres?imgurl=https://lh3.googleusercontent.com/-jb45vwjUS6Q/Um0zjoyU8oI/AAAAAAAAACw/qKwGgi6q07s/w426-h425/Skipper-LIKE-A-BOSS-XD-fans-of-pom-29858033-795-634.png&imgrefurl=https://plus.google.com/103620070950422848649&h=425&w=426&tbnid=ForZveNKPzwSQM:&docid=OEafHRc2DBa9eM&itg=1&ei=9ID8VZufMYqwUfSBhKgL&tbm=isch"
The value of the "imgurl" parameter is placed directly into the href attribute of an <a> tag whose text is "View image".
I looked into the code and found that Google had an onmousedown handler that rewrites the href to a Google redirection page just before the click goes through. Sad, huh?
I tried a lot of things to bypass this, but still no luck!
I finally used my keyboard: I pressed the [Tab] key until the "View image" link was focused, pressed Enter, and the XSS was triggered. Activating a link from the keyboard never fires a mousedown event, so the href still held the raw imgurl value when the browser followed it.
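To make the bypass concrete, here is an added example (written for this post, not Google's code) that models the "View image" link without a DOM: an href, an onmousedown handler that swaps in a redirector, and two activation paths, mouse and keyboard. It assumes a javascript: URL as the imgurl value, which the post does not spell out, and a made-up redirector URL. It also shows the fix that actually holds: allowlist the scheme when the href is built, instead of relying on an event handler to clean it up.

```javascript
// Added example: a DOM-free model of the "View image" link and of what the
// browser dispatches when it is activated by mouse versus keyboard.
// Illustrative code written for this post, not Google's code.

// Minimal stand-in for an <a> element: an href plus event handlers.
class Anchor {
  constructor(href) {
    this.href = href;
    this.handlers = new Map();
  }
  on(type, fn) { this.handlers.set(type, fn); }
  dispatch(type) {
    const fn = this.handlers.get(type);
    if (fn) fn(this);
  }
}

// Assumed shape of the redirector; the real URL is not given in the post.
const REDIRECT_PAGE = "https://www.google.com/url?q=";

// Link as the post describes it: imgurl lands in href unchanged, and an
// onmousedown handler swaps it for the redirector right before the click
// navigates.
function buildVulnerableLink(imgurl) {
  const a = new Anchor(imgurl);
  a.on("mousedown", (el) => {
    el.href = REDIRECT_PAGE + encodeURIComponent(imgurl);
  });
  return a;
}

// Hardened form: decide what may go into href when the page is built, not
// in an event handler. Only absolute http(s) URLs pass; anything else
// (javascript:, data:, relative junk) is replaced by an inert fallback.
function safeHref(imgurl) {
  try {
    const u = new URL(imgurl);
    if (u.protocol === "http:" || u.protocol === "https:") return u.href;
  } catch (_) {
    // not an absolute URL at all
  }
  return "about:blank";
}

function buildHardenedLink(imgurl) {
  const a = new Anchor(safeHref(imgurl));
  // The redirector swap can stay, but it is now a feature, not a guard.
  a.on("mousedown", (el) => {
    el.href = REDIRECT_PAGE + encodeURIComponent(el.href);
  });
  return a;
}

// Mouse activation: browsers fire mousedown, mouseup and click before
// following the link, so the handler gets to rewrite href first.
function activateWithMouse(a) {
  a.dispatch("mousedown");
  a.dispatch("mouseup");
  a.dispatch("click");
  return a.href; // what the browser would navigate to
}

// Keyboard activation (Tab to focus, Enter): keydown/keypress and then a
// synthesized click. No mouse event fires, so href is used as-is.
function activateWithKeyboard(a) {
  a.dispatch("keydown");
  a.dispatch("keypress");
  a.dispatch("click");
  return a.href;
}

// Constructed payload; the post does not give the exact imgurl value used.
const PAYLOAD = "javascript:alert(document.domain)";

// Returns the URL each variant would navigate to.
function demo() {
  return {
    mouseVulnerable: activateWithMouse(buildVulnerableLink(PAYLOAD)),
    keyboardVulnerable: activateWithKeyboard(buildVulnerableLink(PAYLOAD)),
    keyboardHardened: activateWithKeyboard(buildHardenedLink(PAYLOAD)),
    keyboardHardenedBenign: activateWithKeyboard(
      buildHardenedLink("https://example.com/pic.png")),
  };
}

console.log(demo());
```

Running it shows the mouse path landing on the redirector while the keyboard path navigates straight to the javascript: URL; with the scheme allowlist applied at build time, both paths are inert for the payload and unchanged for an ordinary https image URL. The general lesson is that any sanitisation living in a mouse event handler is skipped by keyboard users, assistive technology, and scripts that set location directly.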
12/9/2015 Vulnerability discovered and reported
15/9/2015 Google confirmed the issue
16/9/2015 Fix and reward