| How I Got Critical P2 Bug on Google VRP |
|
|
|
| Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP |
|
|
|
| Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough |
|
|
|
| The Monsters in Your Build Cache – GitHub Actions Cache Poisoning |
|
|
|
| An Obscure Actions Workflow Vulnerability in Google’s Flank |
|
|
|
| We Hacked Google A.I. for $50,000 |
|
|
|
| How I hacked into Google’s internal corporate assets |
|
|
|
| Dangling CNAME/Orphaned CNAME leads P2 on Google VRP |
|
|
|
| How I found RXSS in Facebook, Twitter and Google training academy |
|
|
|
| Introducing MavenGate: a supply chain attack method for Java and Android applications |
|
|
|
| Google OAuth is broken (sort of) |
|
|
|
| How i found an Stored XSS on Google Books |
|
|
|
| Google Extensions (Awarded $18833.7) |
|
|
|
| Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack |
|
|
|
| [REL] A Journey Into Hacking Google Search Appliance |
|
|
|
| Hunting for Nginx Alias Traversals in the wild |
|
|
|
| Server-side Template Injection Leading to RCE on Google VRP |
|
|
|
| googlesource.com access_token leak (Awarded $7500) |
|
|
|
| XSS in GMAIL Dynamic Email (AMP for Email) |
|
|
|
| How Material Security Uncovered a Vulnerability in the Gmail API |
|
|
|
| Remote Code Execution Vulnerability in Google They Are Not Willing To Fix |
|
|
|
| Unveiling the Secrets: My Journey of Hacking Google’s OSS |
|
|
|
| How to avoid the aCropalypse |
|
|
|
| Exploiting aCropalypse: Recovering Truncated PNGs |
|
|
|
| Vulnerabilities in the TPM 2.0 reference implementation code |
|
|
|
writeups.xyz
/
Google