zohar shachar
Author spoofing in Google Colaboratory
Recently, Google made public their new ‘Abuse Research Grant Program’ - an awesome tool for motivating researchers to delve into an often...
top of page
Doing security thingies
Search
zohar shachar
- Mar 24, 2021
- 5 min
Multiple Authorization bypass issues in Google's Richmedia Studio
Ah, Google research grants, how effective you are! It seems as if exactly in these times when my energy levels are low, and I...
1,911 views
zohar shachar
- Dec 22, 2020
- 3 min
SSTI in Google Maps
A while back I was researching Google Maps ‘timeline’ feature, and specifically the capability to add your own ‘places’. I was trying to...
7,108 views
zohar shachar
- Sep 7, 2020
- 3 min
XSS->Fix->Bypass: 10000$ bounty in Google Maps
Ah, this moment of thrill every Google bug hunter knows, when you see a new ‘buganizer’ email landing in your inbox. Did they accept my...
18,412 views
zohar shachar
- Jul 28, 2020
- 6 min
Authorization bypass in Google’s ticketing system (Google-GUTS)
One of the first things you need to do when reporting bugs to Google under their VRP program is set up your ‘Supplier’ account. It’s...
5,511 views
zohar shachar
- Jun 15, 2020
- 4 min
SMTP Injection in Gsuite
Gsuite is an immensely powerful tool for account administration. It allows the administrator to control just about anything regarding the...
10,128 views
bottom of page