zohar shachar
Author spoofing in Google Colaboratory
Recently, Google made public their new ‘Abuse Research Grant Program’ - an awesome tool for motivating researchers to delve into an often...
top of page
Doing security thingies
Search
zohar shachar
- Mar 24, 2021
- 5 min
Multiple Authorization bypass issues in Google's Richmedia Studio
Ah, Google research grants, how effective you are! It seems as if exactly in these times when my energy levels are low, and I...
1,927 views
zohar shachar
- Dec 22, 2020
- 3 min
SSTI in Google Maps
A while back I was researching Google Maps ‘timeline’ feature, and specifically the capability to add your own ‘places’. I was trying to...
7,152 views
zohar shachar
- Sep 7, 2020
- 3 min
XSS->Fix->Bypass: 10000$ bounty in Google Maps
Ah, this moment of thrill every Google bug hunter knows, when you see a new ‘buganizer’ email landing in your inbox. Did they accept my...
18,529 views
zohar shachar
- Jul 28, 2020
- 6 min
Authorization bypass in Google’s ticketing system (Google-GUTS)
One of the first things you need to do when reporting bugs to Google under their VRP program is set up your ‘Supplier’ account. It’s...
5,565 views
zohar shachar
- Jun 15, 2020
- 4 min
SMTP Injection in Gsuite
Gsuite is an immensely powerful tool for account administration. It allows the administrator to control just about anything regarding the...
10,175 views
bottom of page