top of page
Doing security thingies
Search
Author spoofing in Google Colaboratory
Recently, Google made public their new ‘Abuse Research Grant Program’ - an awesome tool for motivating researchers to delve into an often...
zohar shachar
Jun 9, 20213 min read
2,449 views
Multiple Authorization bypass issues in Google's Richmedia Studio
Ah, Google research grants, how effective you are! It seems as if exactly in these times when my energy levels are low, and I...
zohar shachar
Mar 24, 20215 min read
2,163 views
SSTI in Google Maps
A while back I was researching Google Maps ‘timeline’ feature, and specifically the capability to add your own ‘places’. I was trying to...
zohar shachar
Dec 22, 20203 min read
7,618 views
XSS->Fix->Bypass: 10000$ bounty in Google Maps
Ah, this moment of thrill every Google bug hunter knows, when you see a new ‘buganizer’ email landing in your inbox. Did they accept my...
zohar shachar
Sep 7, 20203 min read
19,568 views
Authorization bypass in Google’s ticketing system (Google-GUTS)
One of the first things you need to do when reporting bugs to Google under their VRP program is set up your ‘Supplier’ account. It’s...
zohar shachar
Jul 28, 20206 min read
5,957 views
SMTP Injection in Gsuite
Gsuite is an immensely powerful tool for account administration. It allows the administrator to control just about anything regarding the...
zohar shachar
Jun 15, 20204 min read
10,607 views
bottom of page