| Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs |
|
|
|
| Accidental $70k Google Pixel Lock Screen Bypass |
|
|
|
| Viewing Instagram live streams anonymously without notifying the host |
|
|
|
| CloudKit Share Records leak the title of private iCloud files |
|
|
|
| Auth Bypass in com.google.android.googlequicksearchbox |
|
|
|
| Fixing the Unfixable: Story of a Google Cloud SSRF |
|
|
|
| URL whitelist bypass in https://cxl-services.appspot.com |
|
|
|
| Auth Bypass in Google Assistant |
|
|
|
| Unencrypted HTTP Links to Google Scholar in Search |
|
|
|
| IDOR on clientauthconfig.googleapis.com |
|
|
|
| Bypassing restricted port protection in WebKit |
|
|
|
| Path Traversal in MobileSafari |
|
|
|
| Clickjacking in Nearby Devices Dashboard |
|
|
|
| Auth Bypass in https://nearbydevices-pa.googleapis.com |
|
|
|
| De-anonymising Anonymous Animals in Google Workspace |
|
|
|
| Auth Bypass in Google Workspace Real Time Collaboration |
|
|
|
| CSRF in YouTube Leanback API |
|
|
|
| I Built a TV That Plays All of Your Private YouTube Videos |
|
|
|
| The Embedded YouTube Player Told Me What You Were Watching (and more) |
|
|
|
| Stealing Your Private YouTube Videos, One Frame at a Time |
|
|
|
| The unexpected Google wide domain check bypass |
|
|
|
writeups.xyz
/
David Schütz (@Xdavidhu)