Add writeup

writeups.csv

@@ -90,6 +90,7 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url
 2020-06-04,?,Privilege Escalation in Google Cloud Platform's OS Login,https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020,Chris Moberly,https://twitter.com/init_string,blog,true,https://web.archive.org/web/20210426145702/https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020
 2020-06-06,500,How i earned $500 from google by change one character .,https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5,Oday Alhalbe,https://bughunter.withgoogle.com/profile/91a2e03b-0b0d-422c-9cd6-aa2a2ae24b57,blog,true,https://web.archive.org/web/20210426145720/https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5
 2020-06-15,3133.7,SMTP Injection in Gsuite,https://www.ehpus.com/post/smtp-injection-in-gsuite,Zohar Shacha,https://www.linkedin.com/in/zohar-shachar/,blog,true,https://web.archive.org/web/20210426145801/https://www.ehpus.com/post/smtp-injection-in-gsuite
+2020-07-14,6267.40,Hunting postMessage Vulnerabilities,https://web.archive.org/web/20211016075506/https://insight.claranet.co.uk/technical-blogs/hunting-postmessage-vulnerabilities,Gary O'leary-Steele,https://twitter.com/garyoleary,blog,false,?
 2020-07-17,5000,Idor in google product,https://medium.com/@balook/idor-in-google-datastudio-google-com-f2fa51b763de,baluz,https://twitter.com/critical_b0y,blog,true,https://web.archive.org/web/20210426145859/https://balook.medium.com/idor-in-google-datastudio-google-com-f2fa51b763de
 2020-07-28,1337,Authorization bypass in Google’s ticketing system (Google-GUTS),https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system,Zohar Shacha,https://www.linkedin.com/in/zohar-shachar/,blog,true,https://web.archive.org/web/20210426145929/https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system
 2020-07-31,4133.7,Script Gadgets! Google Docs XSS Vulnerability Walkthrough,https://www.youtube.com/watch?v=aCexqB9qi70,LiveOverflow,https://twitter.com/LiveOverflow/,video,true,?
@@ -172,12 +173,26 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url
 2022-03-25,0,Clipboard hazard with Google Sheets,https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907,Imre Rad,https://www.linkedin.com/in/imre-rad-2358749b/,blog,true,https://web.archive.org/web/20220511152331/https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907
 2022-04-23,1337,Launching a Supply Chain Counterattack Against Google and OpenSSF,https://codemuch.tech/2022/04/23/supply-chain-counterattack/,Alan Cao,https://twitter.com/AlanCao5,blog,true,https://web.archive.org/web/20220511152343/https://codemuch.tech/2022/04/23/supply-chain-counterattack/
 2022-06-09,?,How to download eBooks from Google Play Store without paying for them,https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79,Yess,https://twitter.com/Yess_2021xD,blog,true,https://web.archive.org/web/20220625160226/https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79
-2022-09-16,?,Cloning internal Google repos for fun and… info?,https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00,Luke Berner,https://www.linkedin.com/in/lucas-berner-89865339/,blog,true,https://web.archive.org/web/20221007012855/https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00
+2022-09-06,3133.7,"IDOR leads to removing members from any Google Chat Space.",http://web.archive.org/web/20220906173240/https://hopesamples.blogspot.com/2022/09/idor-leads-to-removing-members-from-any.html,Vivek M,?,blog,false,?
+2022-09-16,?,"Cloning internal Google repos for fun and… info?",https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00,Luke Berner,https://www.linkedin.com/in/lucas-berner-89865339/,blog,true,https://web.archive.org/web/20221007012855/https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00
+2022-09-22,0,Exploiting Distroless Images,https://www.form3.tech/blog/engineering/exploiting-distroless-images,Daniel Teixeira,https://twitter.com/TheRedOperator,blog,false,? 
 2022-11-10,70000,Accidental $70k Google Pixel Lock Screen Bypass,https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20221128160740/https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
+2022-11-30,1337,"The space creators can still see the members of the space, even after they have been removed from the space.",http://web.archive.org/web/20221201043429/https://hopesamples.blogspot.com/2022/11/the-space-creators-can-still-see.html,Vivek M,?,blog,false,?
 2022-12-26,107500,Turning Google smart speakers into wiretaps for $100k,https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html,Matt Kunze,https://downrightnifty.me/,blog,true,https://web.archive.org/web/20230226143328/https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
 2022-12-26,20000,Few bugs in the google cloud shell,https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html,Obmi,https://bughunters.google.com/profile/40997bbc-945a-4eca-8408-eed302641c96,blog,true,https://web.archive.org/web/20231022065810/https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html
+2023-01-12,6000,"SSH key injection in Google Cloud Compute Engine [Google VRP]",https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,false,?
+2023-01-12,3133.7,"Client-Side SSRF to Google Cloud Project Takeover [Google VRP]",https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/,Sreeram KL,https://twitter.com/kl_sree,blog,false,?
+2023-01-13,3133.7,"Bypassing authorization in Google Cloud Workstations [Google VRP]",https://blog.stazot.com/ssh-key-injection-google-cloud/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,false,?
+2023-01-15,3133.7,"XSS using postMessage in Google Cloud Theia notebooks [Google VRP]",https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/,Sreeram KL,https://twitter.com/kl_sree,blog,false,?
+2023-01-22,?,"How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon]",https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900,Orwa Atyat,https://twitter.com/GodfatherOrwa,blog,false,?
+2023-02-05,?,I was able to see likes count even though it was hidden by the victim | YouTube App 16.15.35,http://web.archive.org/web/20230306174012/https://bloggerrando.blogspot.com/2023/02/06-2.html,R ando,https://twitter.com/Rando02355205,blog,false,?
 2023-02-07,0,Google Meet Flaw — Join Any Organisation Call (Not an 0day but still acts as 0day) — Refused by GoogleVRP,https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403,Basavaraj Banakar,https://twitter.com/basu_banakar,blog,true,https://web.archive.org/web/20231008030116/https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403
 2023-02-10,500,Information disclosure or GDPR breach? A Google tale…,https://medium.com/@lukeberner/information-disclosure-or-gdpr-breach-a-google-tale-f9e99fd5d648,Luke Berner,https://www.linkedin.com/in/lucas-berner-89865339/,blog,true,https://web.archive.org/web/20230226134624/https://medium.com/@lukeberner/information-disclosure-to-gdpr-breach-a-google-tale-f9e99fd5d648
+2023-03-13,5000,The Time I Hacked Google’s Manual Actions Database,https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/,Tom Anthony,https://twitter.com/TomAnthonySEO,blog,false,?
+2023-03-18,?,Exploiting aCropalypse: Recovering Truncated PNGs,https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html,David Buchanan,https://twitter.com/David3141593,blog,false,?
+2023-03-28,?,The curl quirk that exposed Burp Suite & Google Chrome,https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome,Paul Mutton,https://twitter.com/paulmutton,blog,false,?
+2023-03-31,0,Unveiling the Secrets: My Journey of Hacking Google’s OSS,https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa,7h3h4ckv157,https://twitter.com/7h3h4ckv157,blog,false,?
+2023-04-13,500,Remote Code Execution Vulnerability in Google They Are Not Willing To Fix,https://giraffesecurity.dev/posts/google-remote-code-execution/,Giraffe Security,https://giraffesecurity.dev/,blog,false,?
 2023-04-18,?,How Material Security Uncovered a Vulnerability in the Gmail API,https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api,Material Security,https://twitter.com/material_sec,blog,false,?
 2023-04-20,?,GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts,https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/,Astrix Security,https://twitter.com/AstrixSecurity,blog,false,?
 2023-06-09,6000,XSS in GMAIL Dynamic Email (AMP for Email),https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d,asdqw3,https://twitter.com/agamimaulana,blog,true,https://web.archive.org/web/20231020131516/https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d