- Accessing internal Google App Engine APIs in a non-production environment, leading to Remote Code Execution ($36,337 bounty) - February 2018
- Performing internal calls through Google's GSLB in Google Cloud Deployment Manager, probably allowing for Remote Code Execution ($31,337 bounty) - May 2020
- Talk at Google UK about a few of these bugs (Mainly the App Engine RCE) - October 2018
- Authentication bypass into Google's internal applications by changing the host header ($10k bounty) - July 2017
- Exploiting deprecated Google API method and interface design to trick users into providing access to resources ($7.5k bounty) - January 2019
- Google Service Management API bug leads to authentication bypass for some specific actions ($7.5k bounty) - January 2018
- SQLi in Google Cloud SQL leads to rootshell in a Cloud SQL instance - May 2020
- Google Service Management API hidden feature allows to bypass permissions check when enabling a service ($5k bounty) - December 2016
- Google IAM API issue allows to list service accounts on any given project, due to the design of some GCP services this could leak several projects' IDs - August 2020
- Using Java enumerations for accessing the getClass method in Google Apps Scripts, leaking internal information ($500 bounty) - August 2016
Comments
I came across your site while digging on a (pretty basic) IP question, and I am so impressed with what you have done I just have to comment. I'm not in the industry as you are, just someone who tries to know how things that I work with work. Your explanations are brilliant and clear. Thank you. Sending you peace, grace and this one person's request to keep digging!