zohar shacharJun 9, 20213 minAuthor spoofing in Google ColaboratoryRecently, Google made public their new ‘Abuse Research Grant Program’ - an awesome tool for motivating researchers to delve into an often...
zohar shacharMar 24, 20215 minMultiple Authorization bypass issues in Google's Richmedia StudioAh, Google research grants, how effective you are! It seems as if exactly in these times when my energy levels are low, and I...
zohar shacharDec 22, 20203 minSSTI in Google MapsA while back I was researching Google Maps ‘timeline’ feature, and specifically the capability to add your own ‘places’. I was trying to...
zohar shacharSep 7, 20203 minXSS->Fix->Bypass: 10000$ bounty in Google MapsAh, this moment of thrill every Google bug hunter knows, when you see a new ‘buganizer’ email landing in your inbox. Did they accept my...
zohar shacharJul 28, 20206 minAuthorization bypass in Google’s ticketing system (Google-GUTS)One of the first things you need to do when reporting bugs to Google under their VRP program is set up your ‘Supplier’ account. It’s...
zohar shacharJun 15, 20204 minSMTP Injection in GsuiteGsuite is an immensely powerful tool for account administration. It allows the administrator to control just about anything regarding the...