From 719bb8134dd32679ac93f02e69f4f775943b64ab Mon Sep 17 00:00:00 2001 From: Sivanesh Ashok Date: Sun, 22 Oct 2023 13:23:03 +0530 Subject: [PATCH] Add writeup --- writeups.csv | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/writeups.csv b/writeups.csv index e0d88d6..0e02558 100644 --- a/writeups.csv +++ b/writeups.csv @@ -178,8 +178,14 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url 2022-12-26,20000,Few bugs in the google cloud shell,https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html,Obmi,https://bughunters.google.com/profile/40997bbc-945a-4eca-8408-eed302641c96,blog,true,https://web.archive.org/web/20231022065810/https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html 2023-02-07,0,Google Meet Flaw — Join Any Organisation Call (Not an 0day but still acts as 0day) — Refused by GoogleVRP,https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403,Basavaraj Banakar,https://twitter.com/basu_banakar,blog,true,https://web.archive.org/web/20231008030116/https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403 2023-02-10,500,Information disclosure or GDPR breach? A Google tale…,https://medium.com/@lukeberner/information-disclosure-or-gdpr-breach-a-google-tale-f9e99fd5d648,Luke Berner,https://www.linkedin.com/in/lucas-berner-89865339/,blog,true,https://web.archive.org/web/20230226134624/https://medium.com/@lukeberner/information-disclosure-to-gdpr-breach-a-google-tale-f9e99fd5d648 +2023-04-18,?,How Material Security Uncovered a Vulnerability in the Gmail API,https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api,Material Security,https://twitter.com/material_sec,blog,false,? +2023-04-20,?,GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts,https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/,Astrix Security,https://twitter.com/AstrixSecurity,blog,false,? 2023-06-09,6000,XSS in GMAIL Dynamic Email (AMP for Email),https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d,asdqw3,https://twitter.com/agamimaulana,blog,true,https://web.archive.org/web/20231020131516/https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d +2023-06-11,7500,googlesource.com access_token leak,https://ndevtk.github.io/writeups/2023/06/11/googlesource/,NDevTK,https://twitter.com/ndevtk,blog,false,? +2023-06-30,?,Server-side Template Injection Leading to RCE on Google VRP,https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc,mizzleneupane,https://twitter.com/mizzle_neupane5,blog,false,? 2023-07-03,500,Hunting for Nginx Alias Traversals in the wild,https://labs.hakaioffsec.com/nginx-alias-traversal/,Hakai Offensive Security,https://www.hakaioffensivesecurity.com/,blog,true,https://web.archive.org/web/20231022065829/https://labs.hakaioffsec.com/nginx-alias-traversal/ 2023-07-07,0,A Journey Into Hacking Google Search Appliance,https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/,DEVCORE,https://twitter.com/d3vc0r3,blog,true,https://web.archive.org/web/20231022065848/https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/ +2023-07-22,?,Hijacking Cloud CI/CD Systems for Fun and Profit,https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit,Divyanshu,https://twitter.com/gh0st_R1d3r_0x9,blog,false,? 2023-08-18,18833.7,Google Extensions,https://ndevtk.github.io/writeups/2023/08/18/extensions/,NDevTK,https://twitter.com/ndevtk,blog,true,https://web.archive.org/web/20231008030139/https://ndevtk.github.io/writeups/2023/08/18/extensions/ +2023-09-11,?,GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure,https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure,Ofir Balassiano,https://twitter.com/ofir_balassiano,blog,false,? 2023-09-18,?,How i found an Stored XSS on Google Books,https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36,Sokol Çavdarbasha,https://twitter.com/sokolicav,blog,true,https://web.archive.org/web/20231020133727/https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36