top of page
Doing security thingies
Search
zohar shachar
Jun 9, 20213 min read
Author spoofing in Google Colaboratory
Recently, Google made public their new ‘Abuse Research Grant Program’ - an awesome tool for motivating researchers to delve into an often...
2,415 views
zohar shachar
Mar 24, 20215 min read
Multiple Authorization bypass issues in Google's Richmedia Studio
Ah, Google research grants, how effective you are! It seems as if exactly in these times when my energy levels are low, and I...
2,129 views
zohar shachar
Dec 22, 20203 min read
SSTI in Google Maps
A while back I was researching Google Maps ‘timeline’ feature, and specifically the capability to add your own ‘places’. I was trying to...
7,570 views
zohar shachar
Sep 7, 20203 min read
XSS->Fix->Bypass: 10000$ bounty in Google Maps
Ah, this moment of thrill every Google bug hunter knows, when you see a new ‘buganizer’ email landing in your inbox. Did they accept my...
19,458 views
zohar shachar
Jul 28, 20206 min read
Authorization bypass in Google’s ticketing system (Google-GUTS)
One of the first things you need to do when reporting bugs to Google under their VRP program is set up your ‘Supplier’ account. It’s...
5,906 views
bottom of page