top of page
Doing security thingies
Search
zohar shachar
Jun 9, 20213 min read
Author spoofing in Google Colaboratory
Recently, Google made public their new ‘Abuse Research Grant Program’ - an awesome tool for motivating researchers to delve into an often...
2,405 views
zohar shachar
Mar 24, 20215 min read
Multiple Authorization bypass issues in Google's Richmedia Studio
Ah, Google research grants, how effective you are! It seems as if exactly in these times when my energy levels are low, and I...
2,119 views
zohar shachar
Dec 22, 20203 min read
SSTI in Google Maps
A while back I was researching Google Maps ‘timeline’ feature, and specifically the capability to add your own ‘places’. I was trying to...
7,549 views
zohar shachar
Sep 7, 20203 min read
XSS->Fix->Bypass: 10000$ bounty in Google Maps
Ah, this moment of thrill every Google bug hunter knows, when you see a new ‘buganizer’ email landing in your inbox. Did they accept my...
19,402 views
zohar shachar
Jul 28, 20206 min read
Authorization bypass in Google’s ticketing system (Google-GUTS)
One of the first things you need to do when reporting bugs to Google under their VRP program is set up your ‘Supplier’ account. It’s...
5,889 views
zohar shachar
Jun 15, 20204 min read
SMTP Injection in Gsuite
Gsuite is an immensely powerful tool for account administration. It allows the administrator to control just about anything regarding the...
10,527 views
bottom of page