Skip to content

Commit

Permalink
Fix build errors
Browse files Browse the repository at this point in the history
  • Loading branch information
@staz0t
staz0t authored Oct 22, 2023
1 parent f08d829 commit e67611a
Showing 1 changed file with 20 additions and 20 deletions.
40 changes: 20 additions & 20 deletions writeups.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url
2020-06-04,?,Privilege Escalation in Google Cloud Platform's OS Login,https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020,Chris Moberly,https://twitter.com/init_string,blog,true,https://web.archive.org/web/20210426145702/https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020
2020-06-06,500,How i earned $500 from google by change one character .,https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5,Oday Alhalbe,https://bughunter.withgoogle.com/profile/91a2e03b-0b0d-422c-9cd6-aa2a2ae24b57,blog,true,https://web.archive.org/web/20210426145720/https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5
2020-06-15,3133.7,SMTP Injection in Gsuite,https://www.ehpus.com/post/smtp-injection-in-gsuite,Zohar Shacha,https://www.linkedin.com/in/zohar-shachar/,blog,true,https://web.archive.org/web/20210426145801/https://www.ehpus.com/post/smtp-injection-in-gsuite
2020-07-14,6267.40,Hunting postMessage Vulnerabilities,https://web.archive.org/web/20211016075506/https://insight.claranet.co.uk/technical-blogs/hunting-postmessage-vulnerabilities,Gary O'leary-Steele,https://twitter.com/garyoleary,blog,false,?
2020-07-14,6267.40,Hunting postMessage Vulnerabilities,https://web.archive.org/web/20211016075506/https://insight.claranet.co.uk/technical-blogs/hunting-postmessage-vulnerabilities,Gary O'leary-Steele,https://twitter.com/garyoleary,blog,true,?
2020-07-17,5000,Idor in google product,https://medium.com/@balook/idor-in-google-datastudio-google-com-f2fa51b763de,baluz,https://twitter.com/critical_b0y,blog,true,https://web.archive.org/web/20210426145859/https://balook.medium.com/idor-in-google-datastudio-google-com-f2fa51b763de
2020-07-28,1337,Authorization bypass in Google’s ticketing system (Google-GUTS),https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system,Zohar Shacha,https://www.linkedin.com/in/zohar-shachar/,blog,true,https://web.archive.org/web/20210426145929/https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system
2020-07-31,4133.7,Script Gadgets! Google Docs XSS Vulnerability Walkthrough,https://www.youtube.com/watch?v=aCexqB9qi70,LiveOverflow,https://twitter.com/LiveOverflow/,video,true,?
Expand Down Expand Up @@ -173,34 +173,34 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url
2022-03-25,0,Clipboard hazard with Google Sheets,https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907,Imre Rad,https://www.linkedin.com/in/imre-rad-2358749b/,blog,true,https://web.archive.org/web/20220511152331/https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907
2022-04-23,1337,Launching a Supply Chain Counterattack Against Google and OpenSSF,https://codemuch.tech/2022/04/23/supply-chain-counterattack/,Alan Cao,https://twitter.com/AlanCao5,blog,true,https://web.archive.org/web/20220511152343/https://codemuch.tech/2022/04/23/supply-chain-counterattack/
2022-06-09,?,How to download eBooks from Google Play Store without paying for them,https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79,Yess,https://twitter.com/Yess_2021xD,blog,true,https://web.archive.org/web/20220625160226/https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79
2022-09-06,3133.7,IDOR leads to removing members from any Google Chat Space.,http://web.archive.org/web/20220906173240/https://hopesamples.blogspot.com/2022/09/idor-leads-to-removing-members-from-any.html,Vivek M,?,blog,false,?
2022-09-06,3133.7,IDOR leads to removing members from any Google Chat Space.,https://web.archive.org/web/20220906173240/https://hopesamples.blogspot.com/2022/09/idor-leads-to-removing-members-from-any.html,Vivek M,?,blog,true,?
2022-09-16,?,Cloning internal Google repos for fun and… info?,https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00,Luke Berner,https://www.linkedin.com/in/lucas-berner-89865339/,blog,true,https://web.archive.org/web/20221007012855/https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00
2022-09-22,0,Exploiting Distroless Images,https://www.form3.tech/blog/engineering/exploiting-distroless-images,Daniel Teixeira,https://twitter.com/TheRedOperator,blog,false,?
2022-09-22,0,Exploiting Distroless Images,https://www.form3.tech/blog/engineering/exploiting-distroless-images,Daniel Teixeira,https://twitter.com/TheRedOperator,blog,true,https://web.archive.org/web/20231022142438/https://www.form3.tech/blog/engineering/exploiting-distroless-images
2022-11-10,70000,Accidental $70k Google Pixel Lock Screen Bypass,https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20221128160740/https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
2022-11-30,1337,"The space creators can still see the members of the space, even after they have been removed from the space.",http://web.archive.org/web/20221201043429/https://hopesamples.blogspot.com/2022/11/the-space-creators-can-still-see.html,Vivek M,?,blog,false,?
2022-11-30,1337,"The space creators can still see the members of the space, even after they have been removed from the space.",https://web.archive.org/web/20221201043429/https://hopesamples.blogspot.com/2022/11/the-space-creators-can-still-see.html,Vivek M,?,blog,true,?
2022-12-26,107500,Turning Google smart speakers into wiretaps for $100k,https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html,Matt Kunze,https://downrightnifty.me/,blog,true,https://web.archive.org/web/20230226143328/https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
2022-12-26,20000,Few bugs in the google cloud shell,https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html,Obmi,https://bughunters.google.com/profile/40997bbc-945a-4eca-8408-eed302641c96,blog,true,https://web.archive.org/web/20231022065810/https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html
2023-01-12,6000,SSH key injection in Google Cloud Compute Engine [Google VRP],https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,false,?
2023-01-12,3133.7,Client-Side SSRF to Google Cloud Project Takeover [Google VRP],https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/,Sreeram KL,https://twitter.com/kl_sree,blog,false,?
2023-01-13,3133.7,Bypassing authorization in Google Cloud Workstations [Google VRP],https://blog.stazot.com/ssh-key-injection-google-cloud/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,false,?
2023-01-15,3133.7,XSS using postMessage in Google Cloud Theia notebooks [Google VRP],https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/,Sreeram KL,https://twitter.com/kl_sree,blog,false,https://web.archive.org/web/20231022091605/https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/
2023-01-22,?,How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon],https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900,Orwa Atyat,https://twitter.com/GodfatherOrwa,blog,false,https://web.archive.org/web/20231022091621/https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900
2023-02-05,?,I was able to see likes count even though it was hidden by the victim | YouTube App 16.15.35,http://web.archive.org/web/20230306174012/https://bloggerrando.blogspot.com/2023/02/06-2.html,R ando,https://twitter.com/Rando02355205,blog,false,?
2023-01-12,6000,SSH key injection in Google Cloud Compute Engine [Google VRP],https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,true,https://web.archive.org/web/20230705030603/https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/
2023-01-12,3133.7,Client-Side SSRF to Google Cloud Project Takeover [Google VRP],https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/,Sreeram KL,https://twitter.com/kl_sree,blog,true,https://web.archive.org/web/20231006115611/https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/
2023-01-13,3133.7,Bypassing authorization in Google Cloud Workstations [Google VRP],https://blog.stazot.com/ssh-key-injection-google-cloud/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,true,https://web.archive.org/web/20231006115738/https://blog.stazot.com/ssh-key-injection-google-cloud/
2023-01-15,3133.7,XSS using postMessage in Google Cloud Theia notebooks [Google VRP],https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/,Sreeram KL,https://twitter.com/kl_sree,blog,true,https://web.archive.org/web/20231022091605/https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/
2023-01-22,?,How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon],https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900,Orwa Atyat,https://twitter.com/GodfatherOrwa,blog,true,https://web.archive.org/web/20231022091621/https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900
2023-02-05,?,I was able to see likes count even though it was hidden by the victim | YouTube App 16.15.35,https://web.archive.org/web/20230306174012/https://bloggerrando.blogspot.com/2023/02/06-2.html,R ando,https://twitter.com/Rando02355205,blog,true,?
2023-02-07,0,Google Meet Flaw — Join Any Organisation Call (Not an 0day but still acts as 0day) — Refused by GoogleVRP,https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403,Basavaraj Banakar,https://twitter.com/basu_banakar,blog,true,https://web.archive.org/web/20231008030116/https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403
2023-02-10,500,Information disclosure or GDPR breach? A Google tale…,https://medium.com/@lukeberner/information-disclosure-or-gdpr-breach-a-google-tale-f9e99fd5d648,Luke Berner,https://www.linkedin.com/in/lucas-berner-89865339/,blog,true,https://web.archive.org/web/20230226134624/https://medium.com/@lukeberner/information-disclosure-to-gdpr-breach-a-google-tale-f9e99fd5d648
2023-03-13,5000,The Time I Hacked Google’s Manual Actions Database,https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/,Tom Anthony,https://twitter.com/TomAnthonySEO,blog,false,?
2023-03-18,?,Exploiting aCropalypse: Recovering Truncated PNGs,https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html,David Buchanan,https://twitter.com/David3141593,blog,false,?
2023-03-28,?,The curl quirk that exposed Burp Suite & Google Chrome,https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome,Paul Mutton,https://twitter.com/paulmutton,blog,false,?
2023-03-31,0,Unveiling the Secrets: My Journey of Hacking Google’s OSS,https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa,7h3h4ckv157,https://twitter.com/7h3h4ckv157,blog,false,?
2023-04-13,500,Remote Code Execution Vulnerability in Google They Are Not Willing To Fix,https://giraffesecurity.dev/posts/google-remote-code-execution/,Giraffe Security,https://giraffesecurity.dev/,blog,false,?
2023-04-18,?,How Material Security Uncovered a Vulnerability in the Gmail API,https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api,Material Security,https://twitter.com/material_sec,blog,false,?
2023-03-13,5000,The Time I Hacked Google’s Manual Actions Database,https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/,Tom Anthony,https://twitter.com/TomAnthonySEO,blog,true,https://web.archive.org/web/20230511184950/https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/
2023-03-18,?,Exploiting aCropalypse: Recovering Truncated PNGs,https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html,David Buchanan,https://twitter.com/David3141593,blog,true,https://web.archive.org/web/20230727225338/https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
2023-03-28,?,The curl quirk that exposed Burp Suite & Google Chrome,https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome,Paul Mutton,https://twitter.com/paulmutton,blog,true,https://web.archive.org/web/20230615155314/https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome
2023-03-31,0,Unveiling the Secrets: My Journey of Hacking Google’s OSS,https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa,7h3h4ckv157,https://twitter.com/7h3h4ckv157,blog,true,https://web.archive.org/web/20230331125459/https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa?gi=7f01bb3a5730
2023-04-13,500,Remote Code Execution Vulnerability in Google They Are Not Willing To Fix,https://giraffesecurity.dev/posts/google-remote-code-execution/,Giraffe Security,https://giraffesecurity.dev/,blog,true,https://web.archive.org/web/20230728103039/https://giraffesecurity.dev/posts/google-remote-code-execution/
2023-04-18,?,How Material Security Uncovered a Vulnerability in the Gmail API,https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api,Material Security,https://twitter.com/material_sec,blog,true,https://web.archive.org/web/20231022075350/https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api
2023-04-20,?,"GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts",https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/,Astrix Security,https://twitter.com/AstrixSecurity,blog,true,?
2023-06-09,6000,XSS in GMAIL Dynamic Email (AMP for Email),https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d,asdqw3,https://twitter.com/agamimaulana,blog,true,https://web.archive.org/web/20231020131516/https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d
2023-06-11,7500,googlesource.com access_token leak,https://ndevtk.github.io/writeups/2023/06/11/googlesource/,NDevTK,https://twitter.com/ndevtk,blog,false,?
2023-06-30,?,Server-side Template Injection Leading to RCE on Google VRP,https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc,mizzleneupane,https://twitter.com/mizzle_neupane5,blog,false,?
2023-06-11,7500,googlesource.com access_token leak,https://ndevtk.github.io/writeups/2023/06/11/googlesource/,NDevTK,https://twitter.com/ndevtk,blog,true,https://web.archive.org/web/20231022075417/https://ndevtk.github.io/writeups/2023/06/11/googlesource/
2023-06-30,?,Server-side Template Injection Leading to RCE on Google VRP,https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc,mizzleneupane,https://twitter.com/mizzle_neupane5,blog,true,https://web.archive.org/web/20231022075430/https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc
2023-07-03,500,Hunting for Nginx Alias Traversals in the wild,https://labs.hakaioffsec.com/nginx-alias-traversal/,Hakai Offensive Security,https://www.hakaioffensivesecurity.com/,blog,true,https://web.archive.org/web/20231022065829/https://labs.hakaioffsec.com/nginx-alias-traversal/
2023-07-07,0,A Journey Into Hacking Google Search Appliance,https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/,DEVCORE,https://twitter.com/d3vc0r3,blog,true,https://web.archive.org/web/20231022065848/https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/
2023-07-22,?,Hijacking Cloud CI/CD Systems for Fun and Profit,https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit,Divyanshu,https://twitter.com/gh0st_R1d3r_0x9,blog,false,?
2023-07-22,?,Hijacking Cloud CI/CD Systems for Fun and Profit,https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit,Divyanshu,https://twitter.com/gh0st_R1d3r_0x9,blog,true,https://web.archive.org/web/20231022075452/https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit
2023-08-18,18833.7,Google Extensions,https://ndevtk.github.io/writeups/2023/08/18/extensions/,NDevTK,https://twitter.com/ndevtk,blog,true,https://web.archive.org/web/20231008030139/https://ndevtk.github.io/writeups/2023/08/18/extensions/
2023-09-11,?,GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure,https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure,Ofir Balassiano,https://twitter.com/ofir_balassiano,blog,false,?
2023-09-11,?,GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure,https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure,Ofir Balassiano,https://twitter.com/ofir_balassiano,blog,true,https://web.archive.org/web/20231022075518/https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure
2023-09-18,?,How i found an Stored XSS on Google Books,https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36,Sokol Çavdarbasha,https://twitter.com/sokolicav,blog,true,https://web.archive.org/web/20231020133727/https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36

0 comments on commit e67611a

Please sign in to comment.