Build writeups

xdavidhu · Jan 7, 2024 · 06e52bd · 06e52bd
1 parent 3cbdf72
commit 06e52bd
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -53,6 +53,7 @@ To add a new writeup, simply add a new line to `writeups.csv`:
 - **[Jan 13 - $3,133.7]** [Bypassing authorization in Google Cloud Workstations [Google VRP]](https://blog.stazot.com/ssh-key-injection-google-cloud/)[*](https://web.archive.org/web/20231006115738/https://blog.stazot.com/ssh-key-injection-google-cloud/) by [Sivanesh Ashok](https://twitter.com/sivaneshashok)
 - **[Jan 12 - $6,000]** [SSH key injection in Google Cloud Compute Engine [Google VRP]](https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/)[*](https://web.archive.org/web/20230705030603/https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/) by [Sivanesh Ashok](https://twitter.com/sivaneshashok)
 - **[Jan 12 - $3,133.7]** [Client-Side SSRF to Google Cloud Project Takeover [Google VRP]](https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/)[*](https://web.archive.org/web/20231006115611/https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/) by [Sreeram KL](https://twitter.com/kl_sree)
+- **[Jan 06 - $2,337]** [Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability](https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed)[*](https://web.archive.org/web/20240107141036/https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed) by [Borna Nematzadeh](https://twitter.com/LogicalHunter)
 
 ### 2022:
 

diff --git a/writeups.csv b/writeups.csv
@@ -183,6 +183,7 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url
 2022-11-30,1337,"The space creators can still see the members of the space, even after they have been removed from the space.",https://web.archive.org/web/20221201043429/https://hopesamples.blogspot.com/2022/11/the-space-creators-can-still-see.html,Vivek M,?,blog,true,?
 2022-12-26,107500,Turning Google smart speakers into wiretaps for $100k,https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html,Matt Kunze,https://downrightnifty.me/,blog,true,https://web.archive.org/web/20230226143328/https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
 2022-12-26,20000,Few bugs in the google cloud shell,https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html,Obmi,https://bughunters.google.com/profile/40997bbc-945a-4eca-8408-eed302641c96,blog,true,https://web.archive.org/web/20231022065810/https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html
+2023-01-06,2337,Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability,https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed,Borna Nematzadeh,https://twitter.com/LogicalHunter,blog,true,https://web.archive.org/web/20240107141036/https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed
 2023-01-12,6000,SSH key injection in Google Cloud Compute Engine [Google VRP],https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,true,https://web.archive.org/web/20230705030603/https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/
 2023-01-12,3133.7,Client-Side SSRF to Google Cloud Project Takeover [Google VRP],https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/,Sreeram KL,https://twitter.com/kl_sree,blog,true,https://web.archive.org/web/20231006115611/https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/
 2023-01-13,3133.7,Bypassing authorization in Google Cloud Workstations [Google VRP],https://blog.stazot.com/ssh-key-injection-google-cloud/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,true,https://web.archive.org/web/20231006115738/https://blog.stazot.com/ssh-key-injection-google-cloud/
@@ -213,4 +214,3 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url
 2023-11-02,?,ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services,https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services,Tenable,https://twitter.com/tenablesecurity,blog,true,https://web.archive.org/web/20231103110025/https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services
 2023-11-14,10000,Uncovering a crazy privilege escalation from Chrome extensions,https://0x44.xyz/blog/cve-2023-4369/,Derin Eryilmaz,https://twitter.com/deryilz,blog,true,https://web.archive.org/web/20231114231353/https://0x44.xyz/blog/cve-2023-4369/
 2023-11-14,?,Google VRP -[IDOR] Deleted Victim Data & Leaked,https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a,Gilang Romadon,https://medium.com/@ggilang1135,blog,true,https://web.archive.org/web/20231115042639/https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a
-2023-01-06,2337,"Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability",https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed,Borna Nematzadeh,https://twitter.com/LogicalHunter,blog,false,?