Over last 3 years, I’ve participated in the Google Reward Program and found some relatively serious vulnerability. Google OAuth Target URL, Upload X.509 Cert and Domain Description Vulnerable to UI Redress Attack is my one of the oldest finding in Google Reward program.
more here..........http://blog.securelayer7.net/google-oauth-target-url-and-domain-description-vulnerable-to-ui-redress-attack/
more here..........http://blog.securelayer7.net/google-oauth-target-url-and-domain-description-vulnerable-to-ui-redress-attack/