zohar shacharJun 9, 20213 min readAuthor spoofing in Google ColaboratoryRecently, Google made public their new ‘Abuse Research Grant Program’ - an awesome tool for motivating researchers to delve into an often...
zohar shacharMar 24, 20215 min readMultiple Authorization bypass issues in Google's Richmedia StudioAh, Google research grants, how effective you are! It seems as if exactly in these times when my energy levels are low, and I...
zohar shacharDec 22, 20203 min readSSTI in Google MapsA while back I was researching Google Maps ‘timeline’ feature, and specifically the capability to add your own ‘places’. I was trying to...
zohar shacharSep 7, 20203 min readXSS->Fix->Bypass: 10000$ bounty in Google MapsAh, this moment of thrill every Google bug hunter knows, when you see a new ‘buganizer’ email landing in your inbox. Did they accept my...
zohar shacharJul 28, 20206 min readAuthorization bypass in Google’s ticketing system (Google-GUTS)One of the first things you need to do when reporting bugs to Google under their VRP program is set up your ‘Supplier’ account. It’s...
zohar shacharJun 15, 20204 min readSMTP Injection in GsuiteGsuite is an immensely powerful tool for account administration. It allows the administrator to control just about anything regarding the...