diff --git a/README.md b/README.md index da6126a..42b65e4 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,7 @@ To add a new writeup, simply add a new line to `writeups.csv`: - **[Jan 13 - $3,133.7]** [Bypassing authorization in Google Cloud Workstations [Google VRP]](https://blog.stazot.com/ssh-key-injection-google-cloud/)[*](https://web.archive.org/web/20231006115738/https://blog.stazot.com/ssh-key-injection-google-cloud/) by [Sivanesh Ashok](https://twitter.com/sivaneshashok) - **[Jan 12 - $6,000]** [SSH key injection in Google Cloud Compute Engine [Google VRP]](https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/)[*](https://web.archive.org/web/20230705030603/https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/) by [Sivanesh Ashok](https://twitter.com/sivaneshashok) - **[Jan 12 - $3,133.7]** [Client-Side SSRF to Google Cloud Project Takeover [Google VRP]](https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/)[*](https://web.archive.org/web/20231006115611/https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/) by [Sreeram KL](https://twitter.com/kl_sree) +- **[Jan 06 - $2,337]** [Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability](https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed)[*](https://web.archive.org/web/20240107141036/https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed) by [Borna Nematzadeh](https://twitter.com/LogicalHunter) ### 2022: diff --git a/writeups.csv b/writeups.csv index a235ec9..d0ce434 100644 --- a/writeups.csv +++ b/writeups.csv 
@@ -183,6 +183,7 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url 2022-11-30,1337,"The space creators can still see the members of the space, even after they have been removed from the space.",https://web.archive.org/web/20221201043429/https://hopesamples.blogspot.com/2022/11/the-space-creators-can-still-see.html,Vivek M,?,blog,true,? 2022-12-26,107500,Turning Google smart speakers into wiretaps for $100k,https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html,Matt Kunze,https://downrightnifty.me/,blog,true,https://web.archive.org/web/20230226143328/https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html 2022-12-26,20000,Few bugs in the google cloud shell,https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html,Obmi,https://bughunters.google.com/profile/40997bbc-945a-4eca-8408-eed302641c96,blog,true,https://web.archive.org/web/20231022065810/https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html +2023-01-06,2337,Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability,https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed,Borna Nematzadeh,https://twitter.com/LogicalHunter,blog,true,https://web.archive.org/web/20240107141036/https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed 2023-01-12,6000,SSH key injection in Google Cloud Compute Engine [Google VRP],https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,true,https://web.archive.org/web/20230705030603/https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/ 2023-01-12,3133.7,Client-Side SSRF to Google Cloud Project Takeover [Google VRP],https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/,Sreeram 
KL,https://twitter.com/kl_sree,blog,true,https://web.archive.org/web/20231006115611/https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/ 2023-01-13,3133.7,Bypassing authorization in Google Cloud Workstations [Google VRP],https://blog.stazot.com/ssh-key-injection-google-cloud/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,true,https://web.archive.org/web/20231006115738/https://blog.stazot.com/ssh-key-injection-google-cloud/ @@ -213,4 +214,3 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url 2023-11-02,?,ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services,https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services,Tenable,https://twitter.com/tenablesecurity,blog,true,https://web.archive.org/web/20231103110025/https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services 2023-11-14,10000,Uncovering a crazy privilege escalation from Chrome extensions,https://0x44.xyz/blog/cve-2023-4369/,Derin Eryilmaz,https://twitter.com/deryilz,blog,true,https://web.archive.org/web/20231114231353/https://0x44.xyz/blog/cve-2023-4369/ 2023-11-14,?,Google VRP -[IDOR] Deleted Victim Data & Leaked,https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a,Gilang Romadon,https://medium.com/@ggilang1135,blog,true,https://web.archive.org/web/20231115042639/https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a -2023-01-06,2337,"Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability",https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed,Borna Nematzadeh,https://twitter.com/LogicalHunter,blog,false,?
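Review bot: the README.md hunk hand-adds the Jan 06 entry, while the hunk's own context line says new writeups are added by putting a line in `writeups.csv`. If the README list is generated from the CSV, regenerate it instead of editing it by hand, so the two files cannot drift apart. The date, the $2,337 bounty and the archive link do match the CSV row added in this patch. The title's "Misconfiguration- Google" has no space before the hyphen; keep it only if that is the article's exact title.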
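Review bot: in writeups.csv the 2023-01-06 row is not just moved from the end of the file into date order; the re-added row also changes `tweeted` from `false` to `true` and replaces the `?` in `archive-url` with a web.archive.org link. If `tweeted` records whether the entry has been announced, confirm that actually happened before marking it `true`, otherwise the writeup will be skipped. Dropping the quotes around the title is safe because it contains no comma, but the commit message should say that the row was both reordered and updated.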