| 5 Different Vulnerabilities in Google’s Threadit |
|
|
|
| Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts |
|
|
|
| Listing all registered email addresses on Google’s Crisis Map thanks to IDOR and incremental IDs |
|
|
|
| Clickjacking DOM XSS on Google.org |
|
|
|
| XSSing Google Employees — Blind XSS on googleplex.com |
|
|
|
| Inserting malware into anyone’s Google Earth Projects Archive |
|
|
|
| Unsecured access to personal data of a million Leo Express users |
|
|
|
| XSSing Google Code-in thanks to improperly escaped JSON data |
|
|
|
| Bypassing Firebase authorization to create custom goo.gl subdomains |
|
|
|
| Reflected XSS in Google Code Jam |
|
|
|
| Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org |
|
|
|
writeups.xyz
/
Thomas Orlita (@ThomasOrlita)