├── infra
├── builder
│ ├── action.yml
│ ├── Dockerfile
│ ├── csv_to_readme.py
│ └── builder.py
└── utils
│ ├── csv-archive.py
│ └── readme-to-csv.py
├── .github
└── workflows
│ └── agvrpw-builder.yml
├── writeups.csv
└── README.md
/infra/builder/action.yml:
--------------------------------------------------------------------------------
# Local Docker container action: the step is run from the image built out of
# the Dockerfile that sits next to this file.
name: 'AGVRP Builder Container'
runs:
  using: 'docker'
  image: 'Dockerfile'
--------------------------------------------------------------------------------
/infra/builder/Dockerfile:
--------------------------------------------------------------------------------
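# Builder image for the local GitHub Action; builder.py is the entrypoint.
# NOTE(review): the base image is referenced by a mutable tag. Pinning it to a
# digest would make rebuilds reproducible.
FROM python:3.9-slim

WORKDIR /app
COPY . ./

# NOTE(review): both packages are installed without version pins, and the
# workflow passes the Twitter credentials to this container as environment
# variables. Pin exact versions (ideally with hashes from a requirements file)
# so that a changed or compromised release is not picked up silently.
# --no-cache-dir keeps pip's download cache out of the image layer.
RUN pip install --no-cache-dir requests requests_oauthlib

ENTRYPOINT ["python", "/app/builder.py"]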
--------------------------------------------------------------------------------
/.github/workflows/agvrpw-builder.yml:
--------------------------------------------------------------------------------
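name: "AGVRP Builder Action"
# Runs on a push to any branch; the builder step below tweets with the
# repository secrets on each run.
on: [push]
# Least privilege: the job only has to push the regenerated files back.
permissions:
  contents: write
jobs:
  build-writeups:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        # NOTE(review): referenced by tag, while the push action below is pinned
        # to a commit SHA. Pin this action to a full commit SHA as well so the
        # code that runs cannot change underneath the workflow.
        uses: actions/checkout@v2.3.4
      - name: Run the local builder action
        uses: ./infra/builder
        # The Twitter credentials are exposed to this step only.
        env:
          AGVRPW_TWITTER_CK: ${{ secrets.AGVRPW_TWITTER_CK }}
          AGVRPW_TWITTER_CS: ${{ secrets.AGVRPW_TWITTER_CS }}
          AGVRPW_TWITTER_RK: ${{ secrets.AGVRPW_TWITTER_RK }}
          AGVRPW_TWITTER_RS: ${{ secrets.AGVRPW_TWITTER_RS }}
      - name: Commit files
        run: |
          git config --local user.email "agvrpw-builder[bot]@gh.xdavidhu.me"
          git config --local user.name "agvrpw-builder[bot]"
          git commit -m "Build writeups" -a
      - name: Push the changes
        uses: ad-m/github-push-action@057a6ba835d986bfe495dd476a6c4db1d5f9503c
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}
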
--------------------------------------------------------------------------------
/infra/utils/csv-archive.py:
--------------------------------------------------------------------------------
1 | import sys, csv, requests, urllib
2 |
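def parse_writeups(writeups_csv):
    """Load the writeups CSV and return its rows sorted by date, oldest first.

    Rows whose ``date`` is ``"?"`` sort as ``"0000-00-00"``, i.e. before every
    dated row. Prints an error and exits with status 5 when the file cannot be
    parsed as CSV or decoded as UTF-8; errors from opening the file propagate.
    """
    try:
        # newline="" is what the csv module expects; UTF-8 is stated explicitly
        # because titles and URLs contain non-ASCII characters.
        with open(writeups_csv, "r", encoding="utf-8", newline="") as csv_file:
            writeups = list(csv.DictReader(csv_file))
    except (csv.Error, UnicodeDecodeError):
        # Only parse failures are handled here; a bare except would also
        # swallow KeyboardInterrupt and programming errors.
        print("[!!!] Can't parse CSV")
        raise SystemExit(5) from None
    return sorted(writeups, key=lambda k: k["date"] if (k["date"] != "?") else "0000-00-00")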
14 |
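def archive(url):
    """Ask the Wayback Machine to save *url* and return the snapshot URL.

    Returns the ``Location`` header of the save response, or ``False`` when the
    request fails or the response does not point at a web.archive.org snapshot.
    """
    # Imported here because a plain `import urllib` does not guarantee that the
    # urllib.parse submodule is loaded.
    from urllib.parse import quote

    print(f"[+] Archinving '{url}'")
    headers = {"User-Agent": "https://github.com/xdavidhu/awesome-google-vrp-writeups"}
    quoted_url = quote(url)

    try:
        r = requests.get(f"https://web.archive.org/save/{quoted_url}", headers=headers, timeout=120, allow_redirects=False)
    except requests.RequestException as exc:
        print(f"[!] Archive request for '{url}' failed: {type(exc).__name__}")
        return False

    location = r.headers.get("location")
    # The returned value is stored in the CSV and later rendered as a link, so
    # only accept a redirect that stays on the snapshot path of the archive.
    if not location or not location.startswith("https://web.archive.org/web/"):
        print(f"[!] No usable snapshot location returned for '{url}'")
        return False

    # writeups.csv on this page holds archive-url values that point at a script
    # or stylesheet instead of the writeup. A different target can also be a
    # legitimate redirect, so this only warns and leaves the decision to a human.
    if url not in location:
        print(f"[!] Snapshot target differs from '{url}', review before relying on it")

    print(f"[+] Successfully archived '{quoted_url}', archive: '{location}'")
    return location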
28 |
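def write_writeups(writeups, writeups_csv):
    """Write *writeups* (a list of dicts) to *writeups_csv* with a header row.

    The column order is taken from the keys of the first row. An empty list
    leaves the file untouched instead of raising or truncating it.
    """
    if not writeups:
        # There is no row to derive the header from, and overwriting the CSV
        # with nothing would destroy the data set.
        return

    fieldnames = list(writeups[0])

    # newline="" lets the csv module control line endings on every platform.
    with open(writeups_csv, "w", encoding="utf-8", newline="") as csv_file:
        writer = csv.DictWriter(csv_file, fieldnames=fieldnames)
        writer.writeheader()
        writer.writerows(writeups)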
39 |
# Command-line entry: fill in the missing archive link of every non-video row.
if len(sys.argv) < 2:
    print("Usage: python3 csv-archive.py [csv]")
    exit()

writeups = parse_writeups(sys.argv[1])

for writeup in writeups:
    # "?" marks a row that has no archive link yet; videos are never archived.
    if writeup["archive-url"] != "?" or writeup["type"] == "video":
        continue
    archive_url = archive(writeup["url"])
    if archive_url != False:
        writeup["archive-url"] = archive_url

write_writeups(writeups, sys.argv[1])
print("[+] Done")
--------------------------------------------------------------------------------
/infra/utils/readme-to-csv.py:
--------------------------------------------------------------------------------
1 | import re
2 | from datetime import datetime
3 | import csv
4 | import sys
5 |
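# Matches one writeup bullet of the form
#   - **[Mon DD - $bounty]** [title](url) by [author](author-url)
# NOTE(review): the README generator shown on this page writes an extra
# `[*](archive-url)` link before " by ", which this pattern does not cover.
# Lines that do not match are reported and skipped below instead of crashing.
writeup_regex = r"- \*\*\[((\w\w\w) (\d\d)|\?\?\?) - \$([0-9,.]*|\?\?\?)]\*\* \[([^\]]*)\]\(([^\)]*)\) by \[([^\]]*)\]\(([^\)]*)\)"

data = []
year = 0
type = "blog"
introduction = True

if len(sys.argv) < 3:
    print("Usage: python3 readme-to-csv.py [readme] [output]")
    exit()

# Loop through every line; the context manager closes the file even when a
# line fails to parse.
with open(sys.argv[1], "r", encoding="utf-8") as file:
    for line_number, line in enumerate(file, start=1):

        # skip the introduction
        if line == "## Blog posts:\n":
            introduction = False
            continue
        if introduction:
            continue

        # skip the empty lines
        if line == "\n":
            continue

        # update parameters if the line is not a writeup
        if line.startswith("##"):
            if "Videos" in line:
                type = "video"
                year = 0
            elif "Unknown Date:" in line:
                year = 0
            else:
                match = re.search(r"\d\d\d\d", line)
                if match is None:
                    print(f"[!] Line {line_number}: heading without a year, skipped", file=sys.stderr)
                    continue
                year = int(match.group(0))
            continue

        # parse the data line with writeup_regex
        match = re.search(writeup_regex, line)
        if match is None:
            print(f"[!] Line {line_number}: not a writeup entry, skipped", file=sys.stderr)
            continue

        if year == 0:
            date = "?"
        else:
            # reformat the date to YYYY-MM-DD
            date_string = str(year) + " " + match.group(1)
            datetime_object = datetime.strptime(date_string, "%Y %b %d")
            date = datetime_object.strftime("%Y-%m-%d")

        # save the row
        row = {
            'date': date,
            'bounty': match.group(4).replace(",", "") if not match.group(4)=="???" else "?",
            'title': match.group(5),
            'url': match.group(6),
            'author': match.group(7) if not match.group(7)=="???" else "?",
            'author-url': match.group(8) if not match.group(8)=="#" else "?",
            'type': type,
            'tweeted': 'true',
            'archive-url': '?'
        }
        data.append(row)

if not data:
    # Without a row there is no header to derive; do not write an empty CSV.
    print("[!!!] No writeups found in the README")
    raise SystemExit(5)

# prepare the csv headers
headers = list(data[0])

# save to csv
with open(sys.argv[2], "w", encoding="utf-8", newline="") as csv_file:
    writer = csv.DictWriter(csv_file, fieldnames=headers)
    writer.writeheader()
    writer.writerows(data)

print("[+] Done")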
--------------------------------------------------------------------------------
/infra/builder/csv_to_readme.py:
--------------------------------------------------------------------------------
1 | from datetime import datetime
2 | import locale
3 |
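def _md_link_text(text):
    """Escape characters that would end a Markdown link label or start a new line."""
    text = text.replace("\r", " ").replace("\n", " ")
    return text.replace("\\", "\\\\").replace("[", "\\[").replace("]", "\\]")


def _md_link_target(url):
    """Return *url* in a form that is safe inside ``(...)``, or ``#`` if it is not http(s)."""
    if url == "#":
        return url
    if not url.lower().startswith(("http://", "https://")):
        return "#"
    for char, encoded in (("\r", ""), ("\n", ""), (" ", "%20"), ("(", "%28"), (")", "%29"), ("<", "%3C"), (">", "%3E")):
        url = url.replace(char, encoded)
    return url


def generate_readme(writeups, output_file):
    """Render *writeups* (a list of CSV row dicts) into the README at *output_file*.

    Rows are listed newest first under one heading per year; rows whose date is
    ``"?"`` come last under "Unknown Date". A field value of ``"?"`` is shown
    as ``???`` (text) or ``#`` (link target).

    The rows are contributed through pull requests, so titles, author names and
    URLs are treated as untrusted: link labels are escaped and link targets
    that are not http(s) are replaced with ``#``.
    """
    writeups = sorted(writeups, key=lambda k: k["date"] if (k["date"] != "?") else "0000-00-00", reverse=True)

    with open(output_file, "w", encoding="utf-8") as output:
        # "\\*" keeps the literal backslash of the original text without the
        # invalid "\*" escape sequence.
        output.write("# Awesome Google VRP Writeups\n🐛 A list of writeups from the Google VRP Bug Bounty program\n\n*\\*writeups: **not just** writeups*\n\n")
        output.write("**Follow [@gvrp_writeups](https://twitter.com/gvrp_writeups) on Twitter to get new writeups straigt into your feed!**\n\n")
        # NOTE(review): the listing shows physical line breaks inside this
        # literal, so markup (for example a line-break tag) may have been lost
        # in extraction. Confirm the text against the repository.
        output.write(
            "## Contributing:\n\nIf you know of any writeups/videos not listed in this repository, feel free to open a Pull Request.\n\nTo add a new writeup, simply add a new line to `writeups.csv`:\n```\n[YYYY-MM-DD],[bounty],[title],[url],[author-name],[author-url],[type],false,?\n```\n*If a value is not available, write `?`.*"
            "\n*The value of `type` can either be `blog` or `video`.*"
            "\n*If any of the fields include a `,`, please wrap the value in quotes.*"
            "\n*Please keep the last two fields set to `false` and `?`. The automation will modify these fields.*"
            "\n*If available, set `author-url` to the author's Twitter URL, so the automation can @mention the author.*\n"
        )
        output.write("\n## Writeups:\n")

        # Heading written most recently: a year, "?" for the unknown-date
        # section, or None before the first row.
        last_heading = None
        for writeup in writeups:
            date = None
            if writeup["date"] != "?":
                date = datetime.strptime(writeup["date"], "%Y-%m-%d")

            if date is not None:
                if last_heading != date.year:
                    output.write(f"\n### {date.year}:\n\n")
                    last_heading = date.year
                date_string = date.strftime("%b %d")
            else:
                if last_heading != "?":
                    output.write("\n### Unknown Date:\n\n")
                    last_heading = "?"
                date_string = "???"

            if writeup["bounty"] != "?":
                bounty = f"{float(writeup['bounty']):,g}"
            else:
                bounty = "???"

            author = writeup["author"]
            if author == "?":
                author = "???"

            author_url = writeup["author-url"]
            if author_url == "?":
                author_url = "#"

            archive_url = writeup["archive-url"]
            if archive_url == "?":
                archive_url = "#"

            title = _md_link_text(writeup["title"])
            url = _md_link_target(writeup["url"])
            author = _md_link_text(author)
            author_url = _md_link_target(author_url)
            archive_url = _md_link_target(archive_url)

            output.write(f"- **[{date_string} - ${bounty}]** [{title}]({url})[*]({archive_url}) by [{author}]({author_url})\n")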
54 |
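if __name__ == "__main__":
    import csv
    import sys

    if len(sys.argv) < 3:
        print("Usage: python3 csv-to-readme.py [csv] [output]")
        exit()

    # generate_readme() sorts and indexes row dicts, so the CSV has to be
    # parsed first; handing it the path string fails on the first k["date"].
    with open(sys.argv[1], "r", encoding="utf-8", newline="") as csv_file:
        rows = list(csv.DictReader(csv_file))

    generate_readme(rows, sys.argv[2])
    print("[+] Done")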
64 |
--------------------------------------------------------------------------------
/infra/builder/builder.py:
--------------------------------------------------------------------------------
1 | import os, random, string, errno, csv, requests, re, urllib
2 | from requests_oauthlib import OAuth1Session
3 | import csv_to_readme
4 |
# Twitter OAuth1 credentials read from the environment; each one falls back to
# an empty string when the variable is unset.
twitter_ck = os.environ.get("AGVRPW_TWITTER_CK", "")
twitter_cs = os.environ.get("AGVRPW_TWITTER_CS", "")
twitter_rk = os.environ.get("AGVRPW_TWITTER_RK", "")
twitter_rs = os.environ.get("AGVRPW_TWITTER_RS", "")
# Directory holding the checked-out repository; None when the variable is unset.
workspace_dir = os.environ.get("GITHUB_WORKSPACE")
# Also sent as the User-Agent of archive requests.
repo_url = "https://github.com/xdavidhu/awesome-google-vrp-writeups"
11 |
def random_string(length):
    """Return *length* characters drawn from ASCII letters and digits.

    Uses ``random.SystemRandom``, which draws from the operating system's
    randomness source rather than the seedable default generator.
    """
    alphabet = string.ascii_uppercase + string.ascii_lowercase + string.digits
    rng = random.SystemRandom()
    picks = []
    for _ in range(length):
        picks.append(rng.choice(alphabet))
    return "".join(picks)
14 |
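def parse_writeups(writeups_csv):
    """Load the writeups CSV and return its rows sorted by date, oldest first.

    Rows whose ``date`` is ``"?"`` sort as ``"0000-00-00"``, i.e. before every
    dated row. Prints an error and exits with status 5 when the file cannot be
    parsed as CSV or decoded as UTF-8; errors from opening the file propagate.
    """
    try:
        # newline="" is what the csv module expects; UTF-8 is stated explicitly
        # because titles and URLs contain non-ASCII characters.
        with open(writeups_csv, "r", encoding="utf-8", newline="") as csv_file:
            writeups = list(csv.DictReader(csv_file))
    except (csv.Error, UnicodeDecodeError):
        # Only parse failures are handled here; a bare except would also
        # swallow KeyboardInterrupt and programming errors.
        print("[!!!] Can't parse CSV")
        raise SystemExit(5) from None
    return sorted(writeups, key=lambda k: k["date"] if (k["date"] != "?") else "0000-00-00")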
26 |
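def parse_twitter_user(author_url):
    """Return the Twitter handle in *author_url*, or ``False`` if there is none.

    The result decides which account the bot @mentions, so the match is strict:
    the host must be exactly ``twitter.com`` (the dot is escaped), and the
    handle must be followed by ``/``, ``?``, ``#`` or the end of the string.
    A URL such as ``https://twitter.com/foo-bar`` is rejected rather than cut
    down to ``foo``, which would mention a different account.
    """
    match = re.match(r"https://twitter\.com/([a-zA-Z0-9_]+)(?=[/?#]|$)", author_url)
    if match is not None:
        return match.group(1)
    return False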
32 |
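def new_tweet(title, bounty, author, url, mention=False):
    """Tweet an announcement for one writeup; return True only on HTTP 201.

    Args:
        title: Writeup title, cut to 140 characters including the "...".
        bounty: Bounty amount as a string, or "?" when unknown.
        author: Author name, or a Twitter handle when *mention* is true.
        url: Link to the writeup, placed on its own line.
        mention: Prefix *author* with "@" so the account is mentioned.

    NOTE(review): title and author come from writeups.csv, which is contributed
    through pull requests, and are posted verbatim from the project account.
    An "@handle" or a link inside a title is therefore tweeted as-is; check
    these fields when merging.
    """
    twitter = OAuth1Session(twitter_ck, client_secret=twitter_cs, resource_owner_key=twitter_rk, resource_owner_secret=twitter_rs)

    title = (title[:137] + "...") if len(title) >= 140 else title
    if len(author) >= 50:
        # A truncated name is not a valid handle any more, so never mention it.
        mention = False
        author = author[:47] + "..."

    author_string = "@" + author if mention else author
    bounty_string = "???" if bounty == "?" else f"{float(bounty):,g}"
    tweet_string = f"New Google VRP writeup \"{title}\" for a bounty of ${bounty_string} by {author_string}:\n{url}"

    try:
        # The timeout keeps a stalled API call from hanging the whole build.
        r = twitter.post("https://api.twitter.com/2/tweets", json={"text": tweet_string}, timeout=30)
    except Exception as exc:
        # Best effort: a failed tweet must not abort the build. Only the
        # exception type is printed, so request details stay out of the log.
        print(f"[!] Twitter API call to '/2/tweets' failed with an exception")
        print(type(exc).__name__)
        return False
    finally:
        twitter.close()

    if r.status_code == 201:
        return True

    print(f"[!] Twitter API call to '/2/tweets' failed:")
    print(r.status_code)
    print(r.content)
    return False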
57 |
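def archive(url):
    """Ask the Wayback Machine to save *url* and return the snapshot URL.

    Returns the ``Location`` header of the save response, or ``False`` when the
    request fails or the response does not point at a web.archive.org snapshot.
    """
    # Imported here because a plain `import urllib` does not guarantee that the
    # urllib.parse submodule is loaded.
    from urllib.parse import quote

    print(f"[+] Archinving '{url}'")
    headers = {"User-Agent": repo_url}
    quoted_url = quote(url)

    try:
        r = requests.get(f"https://web.archive.org/save/{quoted_url}", headers=headers, timeout=120, allow_redirects=False)
    except requests.RequestException as exc:
        print(f"[!] Archive request for '{url}' failed: {type(exc).__name__}")
        return False

    location = r.headers.get("location")
    # The returned value is stored in the CSV and rendered as a link in the
    # README, so only accept a redirect that stays on the archive's snapshot path.
    if not location or not location.startswith("https://web.archive.org/web/"):
        print(f"[!] No usable snapshot location returned for '{url}'")
        return False

    # writeups.csv on this page holds archive-url values that point at a script
    # or stylesheet instead of the writeup. A different target can also be a
    # legitimate redirect, so this only warns and leaves the decision to a human.
    if url not in location:
        print(f"[!] Snapshot target differs from '{url}', review before relying on it")

    print(f"[+] Successfully archived '{quoted_url}', archive: '{location}'")
    return location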
71 |
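def write_writeups(writeups, writeups_csv):
    """Write *writeups* (a list of dicts) to *writeups_csv* with a header row.

    The column order is taken from the keys of the first row. An empty list
    leaves the file untouched instead of raising or truncating it.
    """
    if not writeups:
        # There is no row to derive the header from, and overwriting the CSV
        # with nothing would destroy the data set.
        return

    fieldnames = list(writeups[0])

    # newline="" lets the csv module control line endings on every platform.
    with open(writeups_csv, "w", encoding="utf-8", newline="") as csv_file:
        writer = csv.DictWriter(csv_file, fieldnames=fieldnames)
        writer.writeheader()
        writer.writerows(writeups)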
82 |
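def builder():
    """Run one build: tweet new writeups, archive them, regenerate the outputs.

    Reads ``writeups.csv`` from the workspace, tweets every row whose
    ``tweeted`` field is ``"false"``, requests an archive snapshot for every
    non-video row whose ``archive-url`` is ``"?"``, then rewrites ``README.md``
    and ``writeups.csv``. Exits with status 5 when the workspace or the CSV is
    missing.
    """
    if not workspace_dir:
        # os.path.join(None, ...) would fail with an unrelated TypeError.
        print("[!!!] GITHUB_WORKSPACE is not set")
        raise SystemExit(5)

    writeups_csv = os.path.join(workspace_dir, "writeups.csv")
    readme_md = os.path.join(workspace_dir, "README.md")

    if not os.path.isfile(writeups_csv):
        print("[!!!] writeups.csv doesn't exist")
        raise SystemExit(5)

    writeups = parse_writeups(writeups_csv)

    for writeup in writeups:

        # Tweet new writeups
        if writeup["tweeted"] == "false":
            print("[+] Tweeting " + writeup["url"])
            # Mention the author only when author-url yields a Twitter handle;
            # otherwise fall back to the plain author name.
            mention = True
            author = parse_twitter_user(writeup["author-url"])
            if author == False:
                mention = False
                author = writeup["author"]
            if new_tweet(writeup["title"], writeup["bounty"], author, writeup["url"], mention=mention) == True:
                # Only a confirmed tweet flips the flag, so a failed attempt is
                # retried on the next build.
                writeup["tweeted"] = "true"
                print("[+] Writeup " + writeup["url"] + " tweeted and updated successfully")

        # Archive writeups
        if writeup["archive-url"] == "?" and writeup["type"] != "video":
            archive_url = archive(writeup["url"])
            if archive_url != False:
                writeup["archive-url"] = archive_url

    # Generate new README.md
    csv_to_readme.generate_readme(writeups, readme_md)

    write_writeups(writeups, writeups_csv)

    # Request an archive for the repo page
    archive(repo_url)

builder()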
123 |
--------------------------------------------------------------------------------
/writeups.csv:
--------------------------------------------------------------------------------
1 | date,bounty,title,url,author,author-url,type,tweeted,archive-url
2 | ?,5000,Google VRP : oAuth token stealing,http://bugdisclose.blogspot.com/2017/08/google-vrp-oauth-token-stealing.html,Harsh Jaiswal,https://twitter.com/rootxharsh,blog,true,https://web.archive.org/web/20210426134427/http://bugdisclose.blogspot.com/2017/08/google-vrp-oauth-token-stealing.html
3 | ?,?,Unauth meetings access,https://sites.google.com/securifyinc.com/vrp-writeups/google-meet/authorization-bugs,Rojan Rijal,https://twitter.com/mallocsys,blog,true,https://web.archive.org/web/20210426134719/https://sites.google.com/securifyinc.com/vrp-writeups/google-meet/authorization-bugs
4 | ?,?,XSS vulnerability in Google Cloud Shell’s code editor through mini-browser endpoint,https://ψ.fun/i/ZK9Kv,Psi,https://ψ.fun/,blog,true,https://web.archive.org/web/20210426134738/https://xn--9xa.fun/i/ZK9Kv
5 | ?,?,Information leakage vulnerability in Google Cloud Shell’s proxy service,https://ψ.fun/i/KPMGz,Psi,https://ψ.fun/,blog,true,https://web.archive.org/web/20210426135117/https://xn--9xa.fun/i/KPMGz
6 | ?,?,XSS vulnerability in Google Cloud Shell’s code editor through SVG files,https://ψ.fun/i/92uQC,Psi,https://ψ.fun/,blog,true,https://web.archive.org/web/20210426135226/https://xn--9xa.fun/i/92uQC
7 | ?,?,CSWSH vulnerability in Google Cloud Shell’s code editor,https://ψ.fun/i/yvpMj,Psi,https://ψ.fun/,blog,true,https://web.archive.org/web/20210426135214/https://xn--9xa.fun/i/yvpMj
8 | ?,3133.7,Open redirects that matter,https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter,Tomasz Bojarski,https://bughunter.withgoogle.com/profile/c25fa487-a4df-4e2e-b877-4d31d8964b82,blog,true,https://web.archive.org/web/20210426135137/https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter
9 | ?,?,Voice Squatting & Voice Masquerading Attack against Amazon Alexa and Google Home Actions,https://sites.google.com/site/voicevpasec/,?,?,blog,true,https://web.archive.org/web/20210426140434/https://sites.google.com/site/voicevpasec/
10 | ?,?,Blind XSS against a Googler,https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/blind-xss,Rojan Rijal,https://twitter.com/mallocsys,blog,true,https://web.archive.org/web/20210426135137/https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/blind-xss
11 | ?,?,Multiple XSSs on hire.withgoogle.com,https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/xsses,Rojan Rijal,https://twitter.com/mallocsys,blog,true,https://web.archive.org/web/20210426140538/https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/xsses
12 | ?,?,Auth Issues on hire.withgoogle.com,https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues,Rojan Rijal,https://twitter.com/mallocsys,blog,true,https://web.archive.org/web/20210426140604/https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues
13 | ?,?,G Suite - Device Management XSS,https://sites.google.com/securifyinc.com/vrp-writeups/gsuite/bookmark-xss-device-management,Rojan Rijal,https://twitter.com/mallocsys,blog,true,https://web.archive.org/web/20210426140631/https://sites.google.com/securifyinc.com/vrp-writeups/gsuite/bookmark-xss-device-management
14 | 2013-07-08,?,Stored XSS in GMail,https://blog.miki.it/2013/7/8/stored-xss-in-gmail/,Michele Spagnuolo,https://twitter.com/mikispag,blog,true,https://web.archive.org/web/20210426140721/https://blog.miki.it/2013/7/8/stored-xss-in-gmail/
15 | 2013-09-15,3133.7,XSRF and Cookie manipulation on google.com,https://blog.miki.it/2013/9/15/xsrf-cookie-setting-google/,Michele Spagnuolo,https://twitter.com/mikispag,blog,true,https://web.archive.org/web/20210426140814/https://blog.miki.it/2013/9/15/xsrf-cookie-setting-google/
16 | 2014-01-10,?,"Again, from Nay to Yay in Google Vulnerability Reward Program!",https://blog.yappare.com/2014/01/again-from-nay-to-yay-in-google.html,Ahmad Ashraff,https://twitter.com/yappare,blog,true,https://web.archive.org/web/20210426140901/https://blog.yappare.com/2014/01/again-from-nay-to-yay-in-google.html
17 | 2014-08-13,?,"I hate you, so I pawn your Google Open Gallery",https://blog.yappare.com/2014/08/i-hate-you-so-i-pawn-your-google-open.html,Ahmad Ashraff,https://twitter.com/yappare,blog,true,https://web.archive.org/web/20210426141004/https://blog.yappare.com/2014/08/i-hate-you-so-i-pawn-your-google-open.html
18 | 2014-10-26,1337,Youtube XSS Vulnerability (Stored -> Self Executed),https://jasminderpalsingh.info/youtube-xss-vulnerability-stored-self-executed/,Jasminder Pal Singh,https://twitter.com/Singh_Jasminder,blog,true,https://web.archive.org/web/20210426141030/https://jasminderpalsingh.info/youtube-xss-vulnerability-stored-self-executed/
19 | 2014-10-31,5000,The 5000$ Google XSS,https://blog.it-securityguard.com/bugbounty-the-5000-google-xss/,Patrik Fehrenbach,https://twitter.com/itsecurityguard,blog,true,https://web.archive.org/web/20210426141105/https://blog.it-securityguard.com/bugbounty-the-5000-google-xss/
20 | 2015-06-26,3133.7,Youtube Editor XSS Vulnerability,https://jasminderpalsingh.info/youtube-editor-stored-dom-based-and-self-executed-xss-vulnerability/,Jasminder Pal Singh,https://twitter.com/Singh_Jasminder,blog,true,https://web.archive.org/web/20210426141130/https://jasminderpalsingh.info/youtube-editor-stored-dom-based-and-self-executed-xss-vulnerability/
21 | 2015-10-29,?,XSS in YouTube Gaming,http://respectxss.blogspot.com/2015/10/xss-in-youtube-gaming.html,Ashar Javed,https://twitter.com/soaj1664ashar,blog,true,https://web.archive.org/web/20210426141159/https://apis.google.com/js/plusone.js
22 | 2015-12-08,?,Creative bug which result Stored XSS on m.youtube.com,http://sasi2103.blogspot.com/2015/12/creative-bug-which-result-stored-xss-on.html,Sasi Levi,https://twitter.com/sasi2103,blog,true,https://web.archive.org/web/20210426141238/https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css
23 | 2016-02-28,?,"Stored, Reflected and DOM XSS in Google for Work Connect (GWC)",http://respectxss.blogspot.com/2016/02/stored-reflected-and-dom-xss-in-google.html,Ashar Javed,https://twitter.com/soaj1664ashar,blog,true,https://web.archive.org/web/20210426141309/https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css
24 | 2016-08-26,500,$500 getClass,https://www.ezequiel.tech/p/500-getclass.html,Ezequiel Pereira,https://twitter.com/epereiralopez,blog,true,https://web.archive.org/web/20210426141327/https://www.ezequiel.tech/p/500-getclass.html
25 | 2016-10-09,6000,How I got 6000$ from #Google (Google Cloudshell RCE),https://medium.com/@pranavvenkats/how-i-got-6000-from-google-a4670aa4158d,Pranav Venkat,https://twitter.com/PranavVenkatS,blog,true,https://web.archive.org/web/20211224124304/https://medium.com/@pranavvenkats/how-i-got-6000-from-google-a4670aa4158d
26 | 2016-11-29,?,War Stories from Google’s Vulnerability Reward Program,https://www.youtube.com/watch?v=QoE0M7v84ZU,Gábor Molnár,https://twitter.com/molnar_g,video,true,?
27 | 2017-01-04,?,fastboot oem sha1sum,https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/,Roee Hay,https://twitter.com/roeehay,blog,true,https://web.archive.org/web/20210426141546/https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/
28 | 2017-02-26,3133.7,Exploiting Clickjacking Vulnerability To Steal User Cookies,https://jasminderpalsingh.info/exploiting-google-clickjacking-vulnerability-to-steal-user-cookies/,Jasminder Pal Singh,https://twitter.com/Singh_Jasminder,blog,true,https://web.archive.org/web/20210426141611/https://jasminderpalsingh.info/exploiting-google-clickjacking-vulnerability-to-steal-user-cookies/
29 | 2017-03-01,?,"Ok Google, Give Me All Your Internal DNS Information!",https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/,Julien Ahrens,https://twitter.com/MrTuxracer,blog,true,https://web.archive.org/web/20210426141632/https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/
30 | 2017-03-09,5000,"How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)",https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff,Marin Moulinier,https://github.com/marin-m,blog,true,https://web.archive.org/web/20210426154813/https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff
31 | 2017-06-08,?,RuhrSec 2017: Secrets of the Google Vulnerability Reward Program,https://www.youtube.com/watch?v=ueEsOnHJZ80,Krzysztof Kotowicz,https://ch.linkedin.com/in/kkotowicz,video,true,?
32 | 2017-06-21,?,nullcon Goa 2017 - Great Bugs In Google VRP In 2016,https://www.youtube.com/watch?v=zs_nEJ9fh_4,Martin Straka and Karshan Sharma,https://nullcon.net/website/goa-2017/about-speakers.php,video,true,?
33 | 2017-10-30,15600,"How I hacked Google’s bug tracking system itself for $15,600 in bounties",https://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5,Alex Birsan,https://twitter.com/alxbrsn,blog,true,https://web.archive.org/web/20210426142116/https://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5
34 | 2018-02-14,7500,$7.5k Google services mix-up,https://www.ezequiel.tech/p/75k-google-services-mix-up.html,Ezequiel Pereira,https://twitter.com/epereiralopez,blog,true,https://web.archive.org/web/20210426142153/https://www.ezequiel.tech/p/75k-google-services-mix-up.html
35 | 2018-02-19,?,Google bugs stories and the shiny pixelbook,https://bughunt1307.herokuapp.com/googlebugs.html,Missoum Said,https://twitter.com/missoum1307,blog,true,https://web.archive.org/web/20210426142214/https://bughunt1307.herokuapp.com/googlebugs.html
36 | 2018-02-24,13337,Bypassing Google’s authentication to access their Internal Admin panels,https://medium.com/bugbountywriteup/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3,Vishnu Prasad P G,https://twitter.com/vishnuprasadnta,blog,true,https://web.archive.org/web/20210426142233/https://infosecwriteups.com/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3?gi=7dceba0c0601
37 | 2018-03-07,13337,"Stored XSS, and SSRF in Google using the Dataset Publishing Language",https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html,Craig Arendt,https://twitter.com/signalchaos,blog,true,https://web.archive.org/web/20210426142313/https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html
38 | 2018-03-28,?,Stored XSS on biz.waze.com,https://sites.google.com/securifyinc.com/vrp-writeups/waze/waze-xss,Rojan Rijal,https://twitter.com/mallocsys,blog,true,https://web.archive.org/web/20210426142404/https://sites.google.com/securifyinc.com/vrp-writeups/waze/waze-xss
39 | 2018-03-31,5000,$5k Service dependencies,https://www.ezequiel.tech/p/5k-service-dependencies.html,Ezequiel Pereira,https://twitter.com/epereiralopez,blog,true,https://web.archive.org/web/20210426142421/https://www.ezequiel.tech/p/5k-service-dependencies.html
40 | 2018-04-06,5000,Missing access control in Google play store,https://vishwarajbhattrai.wordpress.com/2019/06/03/missing-access-control-at-play-store/,Vishwaraj Bhattrai,https://twitter.com/vishwaraj101,blog,true,https://web.archive.org/web/20220906194012/https://vishwarajbhattrai.wordpress.com/2019/06/03/missing-access-control-at-play-store/
41 | 2018-05-25,?,Waze remote vulnerabilities,http://blog.appscan.io/index.php/2018/05/25/waze-remote-vulnerability-technical-report/,PanguTeam,https://twitter.com/PanguTeam,blog,true,https://web.archive.org/web/20210426142449/https://platform.twitter.com/widgets.js
42 | 2018-08-22,?,Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org,https://websecblog.com/vulns/stored-xss-in-webcomponents-org/,Thomas Orlita,https://twitter.com/ThomasOrlita,blog,true,https://web.archive.org/web/20210426142509/https://websecblog.com/vulns/stored-xss-in-webcomponents-org/
43 | 2018-09-05,?,Reflected XSS in Google Code Jam,https://websecblog.com/vulns/reflected-xss-in-google-code-jam/,Thomas Orlita,https://twitter.com/ThomasOrlita,blog,true,https://web.archive.org/web/20210426142529/https://websecblog.com/vulns/reflected-xss-in-google-code-jam/
44 | 2018-10-04,?,GoogleMeetRoulette: Joining random meetings,https://www.martinvigo.com/googlemeetroulette/,Martin Vigo,https://twitter.com/martin_vigo,blog,true,https://web.archive.org/web/20210426142548/https://www.martinvigo.com/googlemeetroulette/
45 | 2018-11-11,7500,"Clickjacking on Google MyAccount Worth 7,500$",https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/,Apapedulimu,https://twitter.com/LocalHost31337,blog,true,https://web.archive.org/web/20210426142610/https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/
46 | 2018-11-14,58837,Google Cloud Platform vulnerabilities - BugSWAT,https://www.youtube.com/watch?v=9pviQ19njIs,Ezequiel Pereira,https://twitter.com/epereiralopez,video,true,?
47 | 2018-11-19,?,XS-Searching Google’s bug tracker to find out vulnerable source code,https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549,Luan Herrera,https://twitter.com/lbherrera_,blog,true,https://web.archive.org/web/20210426142831/https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549
48 | 2018-11-25,?,XSS in Google's Acquisition,https://www.secjuice.com/google-hall-of-fame/,Abartan Dhakal,https://twitter.com/imhaxormad,blog,true,https://web.archive.org/web/20210426142909/https://www.secjuice.com/google-hall-of-fame/
49 | 2018-12-05,500,Billion Laugh Attack in https://sites.google.com,https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html,Antonio Sanso,https://twitter.com/asanso,blog,true,https://web.archive.org/web/20210426142956/https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html
50 | 2018-12-11,?,Clickjacking DOM XSS on Google.org,https://websecblog.com/vulns/clickjacking-xss-on-google-org/,Thomas Orlita,https://twitter.com/ThomasOrlita,blog,true,https://web.archive.org/web/20210426143010/https://websecblog.com/vulns/clickjacking-xss-on-google-org/
51 | 2018-12-12,?,XSSing Google Code-in thanks to improperly escaped JSON data,https://websecblog.com/vulns/google-code-in-xss/,Thomas Orlita,https://twitter.com/ThomasOrlita,blog,true,https://web.archive.org/web/20210426143039/https://websecblog.com/vulns/google-code-in-xss/
52 | 2019-01-18,10000,$10k host header,https://www.ezequiel.tech/p/10k-host-header.html,Ezequiel Pereira,https://twitter.com/epereiralopez,blog,true,https://web.archive.org/web/20210426143105/https://www.ezequiel.tech/p/10k-host-header.html
53 | 2019-01-25,3133.7,"How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)",https://medium.com/@lukeberner/how-i-abused-2fa-to-maintain-persistence-after-a-password-change-google-microsoft-instagram-7e3f455b71a1,Luke Berner,https://www.linkedin.com/in/lucas-berner-89865339/,blog,true,https://web.archive.org/web/20210714192039/https://medium.com/@lukeberner/how-i-abused-2fa-to-maintain-persistence-after-a-password-change-google-microsoft-instagram-7e3f455b71a1
54 | 2019-01-30,7500,$7.5k Google Cloud Platform organization issue,https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html,Ezequiel Pereira,https://twitter.com/epereiralopez,blog,true,https://web.archive.org/web/20210426143153/https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html
55 | 2019-01-31,?,LFI in Apigee portals,https://offensi.com/2019/01/31/lfi-in-apigee-portals/,Wouter ter Maat,https://twitter.com/wtm_offensi,blog,true,https://web.archive.org/web/20210426143319/https://offensi.com/2019/01/31/lfi-in-apigee-portals/
56 | 2019-02-12,?,Hacking YouTube for #fun and #profit,https://www.linkedin.com/pulse/hacking-youtube-fun-profit-alexandru-coltuneac/,Alexandru Coltuneac,https://twitter.com/dekeeu,blog,true,https://web.archive.org/web/20210426143407/https://www.linkedin.com/pulse/hacking-youtube-fun-profit-alexandru-coltuneac/
57 | 2019-03-26,3133.7,How I could have hijacked a victim’s YouTube notifications!,https://hackademic.co.in/youtube-bug/,Yash Sodha,https://twitter.com/y_sodha,blog,true,https://web.archive.org/web/20210426143444/https://hackademic.co.in/youtube-bug/
58 | 2019-03-29,0,Inserting arbitrary files into anyone’s Google Earth Projects Archive,https://websecblog.com/vulns/google-earth-studio-vulnerability/,Thomas Orlita,https://twitter.com/ThomasOrlita,blog,true,https://web.archive.org/web/20210426143537/https://websecblog.com/vulns/google-earth-studio-vulnerability/
59 | 2019-03-31,?,XSS on Google Search - Sanitizing HTML in The Client?,https://www.youtube.com/watch?v=lG7U3fuNw3A,LiveOverflow,https://twitter.com/LiveOverflow/,video,true,?
60 | 2019-04-23,?,Best Of Google VRP 2018 | nullcon Goa 2019,https://www.youtube.com/watch?v=mJwZfRXs83M,Daniel Stelter-Gliese,https://ch.linkedin.com/in/daniel-stelter-gliese-170a70a2,video,true,?
61 | 2019-04-27,0,Broken Access: Posting to Google private groups through any user in the group,https://elbs.medium.com/broken-access-posting-to-google-private-groups-through-any-user-in-the-group-3becfa818894,Elber Andre,https://twitter.com/elber333,blog,true,https://web.archive.org/web/20220319113457/https://elbs.medium.com/broken-access-posting-to-google-private-groups-through-any-user-in-the-group-3becfa818894
62 | 2019-05-21,13337,"Google Bug Bounty: LFI on Production Servers in “springboard.google.com” – $13,337 USD",https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/,Omar Espino,https://twitter.com/omespino,blog,true,https://web.archive.org/web/20210426143959/https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/
63 | 2019-07-10,?,Gsuite Hangouts Chat 5k IDOR,https://secreltyhiddenwriteups.blogspot.com/2018/07/gsuite-hangouts-chat-5k-idor.html,Cameron Vincent,https://twitter.com/secretlyhidden1,blog,true,https://web.archive.org/web/20210426144021/https://secreltyhiddenwriteups.blogspot.com/2018/07/gsuite-hangouts-chat-5k-idor.html
64 | 2019-07-20,13337,Into the Borg – SSRF inside Google production network,https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/,Enguerran Gillier,https://twitter.com/opnsec,blog,true,https://web.archive.org/web/20210426144037/https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/
65 | 2019-08-31,36337,$36k Google App Engine RCE,https://www.ezequiel.tech/p/36k-google-app-engine-rce.html,Ezequiel Pereira,https://twitter.com/epereiralopez,blog,true,https://web.archive.org/web/20210426144056/https://www.ezequiel.tech/p/36k-google-app-engine-rce.html
66 | 2019-09-09,?,Combination of techniques lead to DOM Based XSS in Google,http://sasi2103.blogspot.com/2016/09/combination-of-techniques-lead-to-dom.html,Sasi Levi,https://twitter.com/sasi2103,blog,true,https://web.archive.org/web/20210426144125/https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css
67 | 2019-10-01,5000,Google Paid Me to Talk About a Security Issue!,https://www.youtube.com/watch?v=E-P9USG6kLs,LiveOverflow,https://twitter.com/LiveOverflow/,video,true,?
68 | 2019-11-18,?,XSS in GMail’s AMP4Email via DOM Clobbering,https://research.securitum.com/xss-in-amp4email-dom-clobbering/,Michał Bentkowski,https://twitter.com/SecurityMB,blog,true,https://web.archive.org/web/20210426144343/https://research.securitum.com/xss-in-amp4email-dom-clobbering/
69 | 2019-11-29,1337,Writeup for the 2019 Google Cloud Platform VRP Prize!,https://medium.com/@missoum1307/writeup-for-the-2019-google-cloud-platform-vrp-prize-4e104ef9f204,Missoum Said,https://twitter.com/missoum1307,blog,true,https://web.archive.org/web/20210426144427/https://medium.com/@missoum1307/writeup-for-the-2019-google-cloud-platform-vrp-prize-4e104ef9f204
70 | 2019-12-09,?,BlackAlps 2019: Google Bug Hunters,https://www.youtube.com/watch?v=DTXUMBc1zEc,Eduardo Vela Nava,https://twitter.com/sirdarckcat,video,true,?
71 | 2019-12-15,5000,The File uploading CSRF in Google Cloud Shell Editor,https://obmiblog.blogspot.com/2019/12/gcp-5k-file-uploading-csrf.html,Obmi,https://bughunter.withgoogle.com/profile/40997bbc-945a-4eca-8408-eed302641c96,blog,true,https://web.archive.org/web/20210426144654/https://obmiblog.blogspot.com/2019/12/gcp-5k-file-uploading-csrf.html
72 | 2019-12-15,5000,The oauth token hijacking in Google Cloud Shell Editor,https://obmiblog.blogspot.com/2019/12/gcp-5k-oauth-token-hijack.html,Obmi,https://bughunter.withgoogle.com/profile/40997bbc-945a-4eca-8408-eed302641c96,blog,true,https://web.archive.org/web/20210426144818/https://obmiblog.blogspot.com/2019/12/gcp-5k-oauth-token-hijack.html
73 | 2019-12-15,5000,The XSS ( type II ) in Google Cloud Shell Editor,https://obmiblog.blogspot.com/2019/12/gcp-5k-xss-type-ii.html,Obmi,https://bughunter.withgoogle.com/profile/40997bbc-945a-4eca-8408-eed302641c96,blog,true,https://web.archive.org/web/20210426144843/https://obmiblog.blogspot.com/2019/12/gcp-5k-xss-type-ii.html
74 | 2019-12-16,?,4 Google Cloud Shell bugs explained,https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/,Wouter ter Maat,https://twitter.com/wtm_offensi,blog,true,https://web.archive.org/web/20210426144926/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/
75 | 2019-12-19,?,SSRF in Google Cloud Platform StackDriver,https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/,Ron Chan,https://twitter.com/ngalongc,blog,true,https://web.archive.org/web/20210426144944/https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/
76 | 2019-12-30,3133.7,How did I earn $3133.70 from Google Translator? (XSS),https://medium.com/monetary/how-did-i-earn-3133-70-from-google-translator-9becf942dbdc,Beri Bey,https://medium.com/@beribeys,blog,true,https://web.archive.org/web/20210426145004/https://medium.com/monetary/how-did-i-earn-3133-70-from-google-translator-9becf942dbdc
77 | 2020-01-12,?,Information Disclosure Vulnerability in the Google Cloud Speech-to-Text API,https://www.dcine.com/2020/01/12/information-disclosure-vulnerability-in-the-google-cloud-speech-to-text-api/,Dan Maas,https://www.linkedin.com/in/dan-maas-66b2a045/,blog,true,https://web.archive.org/web/20210426154851/https://www.dcine.com/2020/01/12/information-disclosure-vulnerability-in-the-google-cloud-speech-to-text-api/
78 | 2020-03-07,5000,Google Ads Self-XSS & Html Injection $5000,https://medium.com/@adonkidz7/google-ads-self-xss-html-injection-5000-52280da76c80,Syahri Ramadan,https://twitter.com/adonkidz7,blog,true,https://web.archive.org/web/20210426145106/https://medium.com/@adonkidz7/google-ads-self-xss-html-injection-5000-52280da76c80
79 | 2020-03-08,6000,The unexpected Google wide domain check bypass,https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20210426145128/https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/
80 | 2020-03-10,3133.7,Cookie Tossing to RCE on Google Cloud JupyterLab,https://blog.s1r1us.ninja/research/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks,s1r1us,https://twitter.com/S1r1u5_,blog,true,https://web.archive.org/web/20211216174102/https://blog.s1r1us.ninja/research/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks
81 | 2020-03-11,100000,$100k Hacking Prize - Security Bugs in Google Cloud Platform,https://www.youtube.com/watch?v=J2icGMocQds,LiveOverflow,https://twitter.com/LiveOverflow/,video,true,?
82 | 2020-03-27,3133.7,$3133.7 Google Bug Bounty Writeup- XSS Vulnerability!,https://pethuraj.com/blog/google-bug-bounty-writeup/,Pethuraj M,https://twitter.com/itsmepethu,blog,true,https://web.archive.org/web/20210426145344/https://www.pethuraj.com/blog/google-bug-bounty-writeup/
83 | 2020-04-30,6267.4,Researching Polymorphic Images for XSS on Google Scholar,https://blog.doyensec.com/2020/04/30/polymorphic-images-for-xss.html,Lorenzo Stella,https://twitter.com/doyensec,blog,true,https://web.archive.org/web/20210426145402/https://blog.doyensec.com/2020/04/30/polymorphic-images-for-xss.html
84 | 2020-05-03,?,DOM XSS in Gmail with a little help from Chrome,https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/,Enguerran Gillier,https://twitter.com/opnsec,blog,true,https://web.archive.org/web/20210426145435/https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/
85 | 2020-05-07,3133.7,DOM-Based XSS at accounts.google.com by Google Voice Extension,http://www.missoumsai.com/google-accounts-xss.html,Missoum Said,https://twitter.com/missoum1307,blog,true,https://web.archive.org/web/20210426145453/https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/run_prettify.js
86 | 2020-05-07,?,Google Acquisition XSS (Apigee),https://medium.com/@TnMch/google-acquisition-xss-apigee-5479d7b5dc4,TnMch,https://twitter.com/TnMch_,blog,true,https://web.archive.org/web/20210426145510/https://medium.com/@TnMch/google-acquisition-xss-apigee-5479d7b5dc4
87 | 2020-05-08,4133.70,Bypass XSS filter using HTML Escape,https://medium.com/@adonkidz7/bypass-xss-filter-using-html-escape-f2e06bebc8c3,Syahri Ramadan,https://twitter.com/adonkidz7,blog,true,https://web.archive.org/web/20210426145550/https://medium.com/@adonkidz7/bypass-xss-filter-using-html-escape-f2e06bebc8c3
88 | 2020-05-10,?,Bypassing Firebase authorization to create custom goo.gl subdomains,https://websecblog.com/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/,Thomas Orlita,https://twitter.com/ThomasOrlita,blog,true,https://web.archive.org/web/20210426145625/https://websecblog.com/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/
89 | 2020-05-21,31337,RCE in Google Cloud Deployment Manager,https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html,Ezequiel Pereira,https://twitter.com/epereiralopez,blog,true,https://web.archive.org/web/20210426145643/https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html
90 | 2020-06-04,?,Privilege Escalation in Google Cloud Platform's OS Login,https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020,Chris Moberly,https://twitter.com/init_string,blog,true,https://web.archive.org/web/20210426145702/https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020
91 | 2020-06-04,?,Three Privilege Escalation Bugs in Google Cloud Platform’s OS Login,https://initblog.com/2020/oslogin-privesc/,initstring,https://twitter.com/init_string,blog,true,https://web.archive.org/web/20231124071907/https://initblog.com/2020/oslogin-privesc/
92 | 2020-06-06,500,How i earned $500 from google by change one character .,https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5,Oday Alhalbe,https://bughunter.withgoogle.com/profile/91a2e03b-0b0d-422c-9cd6-aa2a2ae24b57,blog,true,https://web.archive.org/web/20210426145720/https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5
93 | 2020-06-15,3133.7,SMTP Injection in Gsuite,https://www.ehpus.com/post/smtp-injection-in-gsuite,Zohar Shacha,https://www.linkedin.com/in/zohar-shachar/,blog,true,https://web.archive.org/web/20210426145801/https://www.ehpus.com/post/smtp-injection-in-gsuite
94 | 2020-07-14,6267.40,Hunting postMessage Vulnerabilities,https://web.archive.org/web/20211016075506/https://insight.claranet.co.uk/technical-blogs/hunting-postmessage-vulnerabilities,Gary O'leary-Steele,https://twitter.com/garyoleary,blog,true,?
95 | 2020-07-17,5000,Idor in google product,https://medium.com/@balook/idor-in-google-datastudio-google-com-f2fa51b763de,baluz,https://twitter.com/critical_b0y,blog,true,https://web.archive.org/web/20210426145859/https://balook.medium.com/idor-in-google-datastudio-google-com-f2fa51b763de
96 | 2020-07-28,1337,Authorization bypass in Google’s ticketing system (Google-GUTS),https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system,Zohar Shacha,https://www.linkedin.com/in/zohar-shachar/,blog,true,https://web.archive.org/web/20210426145929/https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system
97 | 2020-07-31,4133.7,Script Gadgets! Google Docs XSS Vulnerability Walkthrough,https://www.youtube.com/watch?v=aCexqB9qi70,LiveOverflow,https://twitter.com/LiveOverflow/,video,true,?
98 | 2020-08-15,?,How I was able to send Authentic Emails as others - Google VRP (Resolved),https://medium.com/@sriram_offcl/how-i-was-able-to-send-authentic-emails-as-others-google-vrp-resolved-2af94295f326,Sriram Kesavan,https://www.twitter.com/sriramoffcl/,blog,true,https://web.archive.org/web/20210426150142/https://infosecwriteups.com/how-i-was-able-to-send-authentic-emails-as-others-google-vrp-resolved-2af94295f326?gi=f5aa5ddfe308
99 | 2020-08-17,?,Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties,https://abss.me/posts/fcm-takeover/,Abss,https://twitter.com/absshax,blog,true,https://web.archive.org/web/20211106114016/https://abss.me/posts/fcm-takeover/
100 | 2020-08-18,?,How to contact Google SRE: Dropping a shell in Cloud SQL,https://www.ezequiel.tech/2020/08/dropping-shell-in.html,Ezequiel Pereira,https://twitter.com/epereiralopez,blog,true,https://web.archive.org/web/20210426150212/https://www.ezequiel.tech/2020/08/dropping-shell-in.html
101 | 2020-08-18,?,Three More Google Cloud Shell Bugs Explained,https://blog.daviddworken.com/posts/cloud-shell-bugs-explained/,David Dworken,https://twitter.com/ddworken,blog,true,https://web.archive.org/web/20210426150303/https://blog.daviddworken.com/posts/cloud-shell-bugs-explained/
102 | 2020-08-19,?,The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer,https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/,Allison Husain,https://twitter.com/ezhes_,blog,true,https://web.archive.org/web/20210426150355/https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/
103 | 2020-08-22,?,The Short tale of two bugs on Google Cloud Product— Google VRP (Resolved),https://medium.com/bugbountywriteup/the-short-tale-of-two-bugs-on-google-cloud-product-google-vrp-resolved-47c913dca8fc,Sriram Kesavan,https://twitter.com/sriramoffcl,blog,true,https://web.archive.org/web/20210426155551/https://medium.com/bugbountywriteup/the-short-tale-of-two-bugs-on-google-cloud-product-google-vrp-resolved-47c913dca8fc
104 | 2020-08-25,1337,How I Tracked Your Mother: Tracking Waze drivers using UI elements,https://www.malgregator.com/post/waze-how-i-tracked-your-mother/,Peter Gasper,https://github.com/viralpoetry,blog,true,https://web.archive.org/web/20210426150447/https://www.malgregator.com/post/waze-how-i-tracked-your-mother/
105 | 2020-08-26,?,Auth bypass: Leaking Google Cloud service accounts and projects,https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html,Ezequiel Pereira,https://twitter.com/epereiralopez,blog,true,https://web.archive.org/web/20210426150539/https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html
106 | 2020-09-07,1337,My first bug in google and how i got CSRF token for victim account rather than bypass it,https://medium.com/@odayalhalbe1/my-first-bug-in-google-and-how-i-got-csrf-token-for-victim-account-rather-than-bypass-it-1337-bf01261feb47,Oday Alhalbe,https://bughunter.withgoogle.com/profile/91a2e03b-0b0d-422c-9cd6-aa2a2ae24b57,blog,true,https://web.archive.org/web/20210426150615/https://medium.com/@odayalhalbe1/my-first-bug-in-google-and-how-i-got-csrf-token-for-victim-account-rather-than-bypass-it-1337-bf01261feb47
107 | 2020-09-08,10000,XSS->Fix->Bypass: 10000$ bounty in Google Maps,https://www.ehpus.com/post/xss-fix-bypass-10000-bounty-in-google-maps,Zohar Shacha,https://www.linkedin.com/in/zohar-shachar/,blog,true,https://web.archive.org/web/20210426150640/https://www.ehpus.com/post/xss-fix-bypass-10000-bounty-in-google-maps
108 | 2020-09-10,15000,Universal XSS in Android WebView (CVE-2020-6506),https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/,Alesandro Ortiz,https://twitter.com/AlesandroOrtizR,blog,true,https://web.archive.org/web/20231026202309/https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/
109 | 2020-09-20,500,How I earned $500 from Google - Flaw in Authentication,https://medium.com/bugbountywriteup/how-i-earned-500-from-google-flaw-in-authentication-a40018c05616/,Hemant Patidar,https://twitter.com/HemantSolo,blog,true,https://web.archive.org/web/20210426150722/https://infosecwriteups.com/how-i-earned-500-from-google-flaw-in-authentication-a40018c05616?gi=a7363b706775
110 | 2020-09-29,?,Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts,https://websecblog.com/vulns/public-google-cloud-blog-bucket/,Thomas Orlita,https://twitter.com/ThomasOrlita,blog,true,https://web.archive.org/web/20210426150759/https://websecblog.com/vulns/public-google-cloud-blog-bucket/
111 | 2020-10-01,5000,"Google bug bounty: XSS to Cloud Shell instance takeover (RCE as root) - $5,000 USD",https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/,Omar Espino,https://twitter.com/omespino,blog,true,https://web.archive.org/web/20210426150845/https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/
112 | 2020-10-08,30000,The mass CSRFing of \*.google.com/\* products.,http://www.missoumsai.com/google-csrfs.html,Missoum Said,https://twitter.com/missoum1307,blog,true,https://web.archive.org/web/20210426150958/https://imgur.com/3fvPuXW
113 | 2020-10-15,?,"CVE-2020-15157 ""ContainerDrip"" Write-up",https://darkbit.io/blog/cve-2020-15157-containerdrip,Brad Geesaman,https://twitter.com/bradgeesaman,blog,true,https://web.archive.org/web/20220511152642/https://darkbit.io/blog/cve-2020-15157-containerdrip
114 | 2020-10-26,0,Deciphering Google’s mysterious ‘batchexecute’ system,https://kovatch.medium.com/deciphering-google-batchexecute-74991e4e446c,Ryan Kovatch,https://kovatch.medium.com/,blog,true,https://web.archive.org/web/20210426151014/https://kovatch.medium.com/deciphering-google-batchexecute-74991e4e446c
115 | 2020-10-27,6337,The YouTube bug that allowed unlisted uploads to any channel,https://infosecwriteups.com/the-youtube-bug-that-allowed-uploads-to-any-channel-3b41c7b7902a,Ryan Kovatch,https://kovatch.medium.com/,blog,true,https://web.archive.org/web/20210426151058/https://infosecwriteups.com/the-youtube-bug-that-allowed-uploads-to-any-channel-3b41c7b7902a?gi=82b6e1c806bb
116 | 2020-11-12,31337,31k$ SSRF in Google Cloud Monitoring led to metadata exposure,https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html,David Nechuta,https://twitter.com/david_nechuta,blog,true,https://web.archive.org/web/20210426151128/https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html
117 | 2020-12-19,0,Google VRP – Sandboxed RCE as root on Apigee API proxies,https://omespino.com/write-up-google-vrp-n-a-sandboxed-rce-as-root-on-apigee-api-proxies/,Omar Espino,https://twitter.com/omespino,blog,true,https://web.archive.org/web/20210426151230/https://omespino.com/write-up-google-vrp-n-a-sandboxed-rce-as-root-on-apigee-api-proxies/
118 | 2020-12-21,0,remote code execution when open a project in android studio that google refused to fix,https://seclists.org/fulldisclosure/2020/Dec/43,houjingyi,?,blog,true,https://web.archive.org/web/20210426151314/https://seclists.org/fulldisclosure/2020/Dec/43
119 | 2020-12-22,0,SSTI in Google Maps,https://www.ehpus.com/post/ssti-in-google-maps,Zohar Shacha,https://www.linkedin.com/in/zohar-shachar/,blog,true,https://web.archive.org/web/20210426151335/https://www.ehpus.com/post/ssti-in-google-maps
120 | 2020-12-27,?,Google VRP Hijacking Google Docs Screenshots,https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/,Sreeram KL,https://blog.geekycat.in/author/sreeram/,blog,true,https://web.archive.org/web/20210426151431/https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/
121 | 2020-12-30,?,Getting my first Google VRP trophies,https://irsl.medium.com/getting-my-first-google-vrp-trophies-b56d700face,Imre Rad,https://www.linkedin.com/in/imre-rad-2358749b/,blog,true,https://web.archive.org/web/20210426151523/https://irsl.medium.com/getting-my-first-google-vrp-trophies-b56d700face
122 | 2021-01-08,3133.7,Blind XSS in Google Analytics Admin Panel — $3133.70,https://ashketchum.medium.com/blind-xss-in-google-analytics-admin-panel-3133-70-2185d1cce82a,Ashish Dhone,https://www.linkedin.com/in/ashish-dhone-640489135/,blog,true,https://web.archive.org/web/20210426151612/https://ashketchum.medium.com/blind-xss-in-google-analytics-admin-panel-3133-70-2185d1cce82a
123 | 2021-01-11,5000,"Stealing Your Private YouTube Videos, One Frame at a Time",https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20210426154944/https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/
124 | 2021-01-18,1337,The Embedded YouTube Player Told Me What You Were Watching (and more),https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20210426151731/https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/
125 | 2021-01-25,5000,This YouTube Backend API Leaks Private Videos,https://www.youtube.com/watch?v=rGx8DB2HsuI,Hussein Nasser,https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg,video,true,?
126 | 2021-01-27,?,"Hijacking Google Drive Files (documents, photo & video) through Google Docs Sharing",https://santuysec.id/2021/01/27/hijacking-google-drive-files-documents-photo-video-through-google-docs-sharing/,santuySec,https://twitter.com/santuySec,blog,true,https://web.archive.org/web/20210426152019/https://santuysec.id/2021/01/27/hijacking-google-drive-files-documents-photo-video-through-google-docs-sharing/
127 | 2021-01-31,5000,Hacking YouTube to watch private videos?,https://www.youtube.com/watch?v=hV9CWw0yDA8,Tech Raj,https://www.youtube.com/channel/UCY7t-zBYtdj6ZgiRpi3WIYg,video,true,?
128 | 2021-02-16,0,Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story),https://irsl.medium.com/dropping-a-shell-in-googles-cloud-sql-the-speckle-umbrella-story-f9375bd4960d,Imre Rad,https://www.linkedin.com/in/imre-rad-2358749b/,blog,true,https://web.archive.org/web/20210426152305/https://irsl.medium.com/dropping-a-shell-in-googles-cloud-sql-the-speckle-umbrella-story-f9375bd4960d
129 | 2021-02-28,?,Metadata service MITM allows root privilege escalation (EKS / GKE),https://blog.champtar.fr/Metadata_MITM_root_EKS_GKE/,Etienne Champetier,https://twitter.com/champtar,blog,true,https://web.archive.org/web/20210629160052/https://blog.champtar.fr/Metadata_MITM_root_EKS_GKE/
130 | 2021-03-08,0,Google VRP N/A: SSRF Bypass with Quadzero in Google Cloud Monitoring,https://omespino.com/write-up-google-vrp-n-a-ssrf-bypass-with-quadzero-in-google-cloud-monitoring/,Omar Espino,https://twitter.com/omespino,blog,true,https://web.archive.org/web/20210426152353/https://omespino.com/write-up-google-vrp-n-a-ssrf-bypass-with-quadzero-in-google-cloud-monitoring/
131 | 2021-03-08,5000,"$5,000 YouTube IDOR",https://www.youtube.com/watch?v=FzT3Z7tgDSQ,Bug Bounty Reports Explained,https://www.youtube.com/channel/UCZDyl7G-Lq-EMVO8PfDFp9g,video,true,?
132 | 2021-03-11,3133.7,How I Get Blind XSS At Google With Dork (First Bounty and HOF ),https://apapedulimu.click/google-vrp-how-i-get-blind-xss-at-google-with-dork-first-bounty-and-hof/,Rio Mulyadi Pulungan,https://twitter.com/riomulyadi_,blog,true,https://web.archive.org/web/20210426152641/https://apapedulimu.click/google-vrp-how-i-get-blind-xss-at-google-with-dork-first-bounty-and-hof/
133 | 2021-03-17,165174,"Hacking into Google's Network for $133,337",https://www.youtube.com/watch?v=g-JgA1hvJzA,LiveOverflow,https://twitter.com/LiveOverflow/,video,true,?
134 | 2021-03-21,?,How I made it to Google HOF?,https://infosecwriteups.com/how-i-made-it-to-google-hof-f1cec85fdb1b,Sudhanshu Rajbhar,https://twitter.com/sudhanshur705,blog,true,https://web.archive.org/web/20210426152901/https://infosecwriteups.com/how-i-made-it-to-google-hof-f1cec85fdb1b?gi=830e2567977d
135 | 2021-03-22,5000,File System Access API - vulnerabilities,https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome,Maciej Pulikowski,https://twitter.com/pulik_io,blog,true,https://web.archive.org/web/20220906194544/https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome
136 | 2021-04-02,100,"Play a game, get Subscribed to my channel - YouTube Clickjacking Bug",https://infosecwriteups.com/play-a-game-get-subscribed-to-my-channel-youtube-clickjacking-bug-googlevrp-6ce1d15542d3,Sriram Kesavan,https://twitter.com/sriramoffcl,blog,true,https://web.archive.org/web/20210429095020/https://infosecwriteups.com/play-a-game-get-subscribed-to-my-channel-youtube-clickjacking-bug-googlevrp-6ce1d15542d3?gi=1b8e222195b
137 | 2021-04-05,6000,I Built a TV That Plays All of Your Private YouTube Videos,https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20210426152923/https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/
138 | 2021-04-06,31337,"$31,337 Google Cloud blind SSRF + HANDS-ON labs",https://www.youtube.com/watch?v=ashSoc59z1Y,Bug Bounty Reports Explained,https://www.youtube.com/channel/UCZDyl7G-Lq-EMVO8PfDFp9g,video,true,?
139 | 2021-04-09,31337,"Explaining the exploit to $31,337 Google Cloud blind SSRF",https://www.youtube.com/watch?v=q0YgfwOndOw,Bug Bounty Reports Explained,https://www.youtube.com/channel/UCZDyl7G-Lq-EMVO8PfDFp9g,video,true,?
140 | 2021-04-13,1337,Google Photos : Theft of Database & Arbitrary Files Android Vulnerability,https://servicenger.com/blog/mobile/google-photos-theft-of-database-arbitrary-files-android-vulnerability/,Rahul Kankrale,https://twitter.com/RahulKankrale,blog,true,https://web.archive.org/web/20210426171424/https://servicenger.com/blog/mobile/google-photos-theft-of-database-arbitrary-files-android-vulnerability/
141 | 2021-04-20,?,Auth Bypass in Google Workspace Real Time Collaboration,https://feed.bugs.xdavidhu.me/bugs/0002,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20210429095041/https://feed.bugs.xdavidhu.me/bugs/0002
142 | 2021-04-21,?,IDOR leads to how many likes that was hidden | Youtube,https://randobugbountywu.blogspot.com/2021/04/idor-leads-to-how-many-likes-that-was.html,R Ando,https://twitter.com/Rando02355205,blog,true,https://web.archive.org/web/20210601152051/https://randobugbountywu.blogspot.com/2021/04/idor-leads-to-how-many-likes-that-was.html
143 | 2021-04-29,?,De-anonymising Anonymous Animals in Google Workspace,https://feed.bugs.xdavidhu.me/bugs/0003,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20210429095111/https://feed.bugs.xdavidhu.me/bugs/0003
144 | 2021-05-05,?,How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit,https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html,Robert Grosse,https://www.reddit.com/user/Uncaffeinated/,blog,true,https://web.archive.org/web/20210507101404/https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html
145 | 2021-05-16,5000,Auth Bypass in https://nearbydevices-pa.googleapis.com,https://feed.bugs.xdavidhu.me/bugs/0004,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20210516220256/https://feed.bugs.xdavidhu.me/bugs/0004
146 | 2021-05-17,?,Clickjacking in Nearby Devices Dashboard,https://feed.bugs.xdavidhu.me/bugs/0005,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20210517120128/https://feed.bugs.xdavidhu.me/bugs/0005
147 | 2021-05-31,10000,AppCache's forgotten tales,https://blog.lbherrera.me/posts/appcache-forgotten-tales/,Luan Herrera,https://twitter.com/lbherrera_,blog,true,https://web.archive.org/web/20210601152111/https://blog.lbherrera.me/posts/appcache-forgotten-tales/
148 | 2021-06-09,500,Author spoofing in Google Colaboratory,https://www.ehpus.com/post/author-spoofing-in-google-colaboratory,Zohar Shacha,https://www.linkedin.com/in/zohar-shachar/,blog,true,https://web.archive.org/web/20210609191502/https://www.ehpus.com/post/author-spoofing-in-google-colaboratory
149 | 2021-06-13,3133.7,Privilege escalation on https://dialogflow.cloud.google.com,https://lalka-test.medium.com/google-vrp-privilege-escalation-on-https-dialogflow-cloud-google-com-599af6c4516d,lalka,https://twitter.com/0x01alka,blog,true,https://web.archive.org/web/20210614090237/https://medium.com/@lalka_test/google-vrp-privilege-escalation-on-https-dialogflow-cloud-google-com-599af6c4516d
150 | 2021-06-16,?,Story of Google Hall of Fame and Private program bounty worth $$$$,https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468,Basavaraj Banakar,https://twitter.com/basu_banakar,blog,true,https://web.archive.org/web/20210628185104/https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468?gi=d4a3651a766a
151 | 2021-06-25,?,Google Compute Engine (GCE) VM takeover via DHCP flood,https://github.com/irsl/gcp-dhcp-takeover-code-exec,Imre Rad,https://www.linkedin.com/in/imre-rad-2358749b/,blog,true,https://web.archive.org/web/20210628184722/https://github.com/irsl/gcp-dhcp-takeover-code-exec
152 | 2021-07-08,0,IDOR on clientauthconfig.googleapis.com,https://feed.bugs.xdavidhu.me/bugs/0009,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20211205190605/https://feed.bugs.xdavidhu.me/bugs/0009
153 | 2021-07-13,?,Unencrypted HTTP Links to Google Scholar in Search,https://feed.bugs.xdavidhu.me/bugs/0010,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20211205190611/https://feed.bugs.xdavidhu.me/bugs/0010
154 | 2021-08-23,?,Hey Google ! - Delete my Data Properly — #GoogleVRP,https://medium.com/techiepedia/hey-google-delete-my-data-properly-googlevrp-83349ca8e0e1,Sriram Kesavan,https://twitter.com/sriramoffcl/,blog,true,https://web.archive.org/web/20211010181548/https://medium.com/techiepedia/hey-google-delete-my-data-properly-googlevrp-83349ca8e0e1
155 | 2021-08-24,?,The Nomulus rift,https://irsl.medium.com/the-nomulus-rift-935a3c4d9300,Imre Rad,https://www.linkedin.com/in/imre-rad-2358749b/,blog,true,https://web.archive.org/web/20210824194209/https://irsl.medium.com/the-nomulus-rift-935a3c4d9300
156 | 2021-09-06,4133.7,2 CSRF 1 IDOR on Google Marketing Platform,https://apapedulimu.click/story-of-idor-on-google-product/,Apapedulimu,https://twitter.com/LocalHost31337,blog,true,https://web.archive.org/web/20231105080032/https://apapedulimu.click/story-of-idor-on-google-product/
157 | 2021-09-10,1337,Bypassing GCP Org Policy with Custom Metadata,https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html,Kat Traxler,https://twitter.com/NightmareJS,blog,true,https://web.archive.org/web/20211106114030/https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html
158 | 2021-09-28,?,Google Extensible Service Proxy v1 - CWE-287 Improper Authentication,https://seclists.org/fulldisclosure/2021/Sep/51,Imre Rad,https://www.linkedin.com/in/imre-rad-2358749b/,blog,true,https://web.archive.org/web/20211010181255/https://seclists.org/fulldisclosure/2021/Sep/51
159 | 2021-10-08,25401.1,4 Weird Google VRP Bugs in 40 Minutes - Hacktivity 2021,https://www.youtube.com/watch?v=nP_y-Z-FXr0,David Schütz,https://twitter.com/xdavidhu,video,true,?
160 | 2021-10-11,0,Hacking YouTube With MP4,https://realkeyboardwarrior.github.io/security/2021/10/11/hacking-youtube.html,Florian Mathieu,https://twitter.com/Keyb0ardWarr10r,blog,true,https://web.archive.org/web/20211205180448/https://realkeyboardwarrior.github.io/security/2021/10/11/hacking-youtube.html
161 | 2021-10-14,0,GOOGLE VRP N/A: Arbitrary local file read (macOS) via <a> tag and null byte (%00) in Google Earth Pro Desktop app,https://omespino.com/write-up-google-vrp-n-a-arbitrary-local-file-read-macos-via-a-tag-and-null-byte-in-google-earth-pro-desktop-app/,Omar Espino,https://twitter.com/omespino,blog,true,https://web.archive.org/web/20211106111614/https://omespino.com/write-up-google-vrp-n-a-arbitrary-local-file-read-macos-via-a-tag-and-null-byte-in-google-earth-pro-desktop-app/
162 | 2021-10-18,?,The Speckle Umbrella story — part 2,https://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea,Imre Rad,https://www.linkedin.com/in/imre-rad-2358749b/,blog,true,https://web.archive.org/web/20211106111937/https://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea
163 | 2021-10-24,7500,A 7500$ Google sites IDOR,https://r0ckinxj3.wordpress.com/2021/10/24/a-7500-google-sites-idor/,r0ckin,https://twitter.com/r0ckin_,blog,true,https://web.archive.org/web/20220212215914/https://r0ckinxj3.wordpress.com/2021/10/24/a-7500-google-sites-idor/
164 | 2021-11-11,1337,GOOGLE VRP BUG BOUNTY: /etc/environment local variables exfiltrated on Linux Google Earth Pro desktop app,https://omespino.com/write-up-google-vrp-bug-bounty-etc-environment-local-variables-exfiltrated-on-linux-google-earth-pro-desktop-app-1337-usd/,Omar Espino,https://twitter.com/omespino,blog,true,https://web.archive.org/web/20211205222340/https://omespino.com/write-up-google-vrp-bug-bounty-etc-environment-local-variables-exfiltrated-on-linux-google-earth-pro-desktop-app-1337-usd/
165 | 2021-11-17,10401.10,Reacting to myself finding an SSRF vulnerability in Google Cloud,https://www.youtube.com/watch?v=UyemBjyQ4qA,David Schütz,https://twitter.com/xdavidhu,video,true,?
166 | 2021-11-21,?,Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over,https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html,Cameron Vincent,https://twitter.com/secretlyhidden1,blog,true,https://web.archive.org/web/20240730094947/https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html
167 | 2021-12-05,6267.4,SSRF vulnerability in AppSheet - Google VRP,https://nechudav.blogspot.com/2021/12/ssrf-vulnerability-in-appsheet-google.html,David Nechuta,https://twitter.com/david_nechuta,blog,true,https://web.archive.org/web/20211205190618/https://nechudav.blogspot.com/2021/12/ssrf-vulnerability-in-appsheet-google.html
168 | 2021-12-21,5000,Google Cloud Shell XSS,https://ndevtk.github.io/writeups/2021/12/30/cloud-shell-xss/,NDevTK,https://twitter.com/ndevtk,blog,true,https://web.archive.org/web/20231008030152/https://ndevtk.github.io/writeups/2021/12/30/cloud-shell-xss/
169 | 2021-12-25,?,How I Saved Christmas For Google!,https://bugs.0xdroopy.live/bugs/how-i-saved-the-christmas-for-google/,Nikhil Kaushik,https://twitter.com/NikhilK50866227,blog,true,https://web.archive.org/web/20220319112033/https://bugs.0xdroopy.live/bugs/how-i-saved-the-christmas-for-google/
170 | 2021-12-28,3133.7,RCE in Google Cloud Dataflow,https://mbrancato.github.io/2021/12/28/rce-dataflow.html,Mike Brancato,https://www.linkedin.com/in/mikebrancato/,blog,true,https://web.archive.org/web/20220108195326/https://mbrancato.github.io/2021/12/28/rce-dataflow.html
171 | 2021-12-30,5000,Email storage leaking ticket-attachment,https://ndevtk.github.io/writeups/2021/12/30/ticket-attachments/,NDevTK,https://x.com/ndevtk,blog,true,https://web.archive.org/web/20241113041822/https://ndevtk.github.io/writeups/2021/12/30/ticket-attachments/
172 | 2022-02-02,?,How I Was Able To Track You Around The Globe!,https://bugs.0xdroopy.live/bugs/how-i-tracked-you-around-the-globe/,Nikhil Kaushik,https://twitter.com/NikhilK50866227,blog,true,https://web.archive.org/web/20220319112328/https://bugs.0xdroopy.live/bugs/how-i-tracked-you-around-the-globe/
173 | 2022-02-06,2674,Auth Bypass in Google Assistant,https://feed.bugs.xdavidhu.me/bugs/0012,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20220212220602/https://feed.bugs.xdavidhu.me/bugs/0012
174 | 2022-02-06,1337,Auth Bypass in com.google.android.googlequicksearchbox,https://feed.bugs.xdavidhu.me/bugs/0013,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20220212220701/https://feed.bugs.xdavidhu.me/bugs/0013
175 | 2022-02-20,3133.7,Send a Email and get kicked out of Google Groups - A Feature that almost broke Google Groups,https://sriram-offcl.medium.com/send-a-email-to-me-and-get-kicked-out-of-google-groups-29b5c2c60e95,Sriram,https://twitter.com/sriramoffcl,blog,true,https://web.archive.org/web/20220319112448/https://infosecwriteups.com/send-a-email-to-me-and-get-kicked-out-of-google-groups-29b5c2c60e95?gi=2f818fa58c71
176 | 2022-03-08,?,Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities,https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/,Unit 42,https://twitter.com/Unit42_Intel,blog,true,https://web.archive.org/web/20220319113511/https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/
177 | 2022-03-19,10000,System environment variables leak on Google Chrome - Microsoft Edge and Opera,https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera,Maciej Pulikowski,https://twitter.com/pulik_io,blog,true,https://web.archive.org/web/20220906194554/https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera
178 | 2022-03-25,0,Clipboard hazard with Google Sheets,https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907,Imre Rad,https://www.linkedin.com/in/imre-rad-2358749b/,blog,true,https://web.archive.org/web/20220511152331/https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907
179 | 2022-04-23,1337,Launching a Supply Chain Counterattack Against Google and OpenSSF,https://codemuch.tech/2022/04/23/supply-chain-counterattack/,Alan Cao,https://twitter.com/AlanCao5,blog,true,https://web.archive.org/web/20220511152343/https://codemuch.tech/2022/04/23/supply-chain-counterattack/
180 | 2022-06-09,?,How to download eBooks from Google Play Store without paying for them,https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79,Yess,https://twitter.com/Yess_2021xD,blog,true,https://web.archive.org/web/20220625160226/https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79
181 | 2022-07-26,8133.7,Google Play and DevSite XSS,https://ndevtk.github.io/writeups/2022/07/26/google-xss/,NDevTK,https://x.com/ndevtk,blog,true,https://web.archive.org/web/20241113042147/https://ndevtk.github.io/writeups/2022/07/26/google-xss/
182 | 2022-09-06,3133.7,IDOR leads to removing members from any Google Chat Space.,https://web.archive.org/web/20220906173240/https://hopesamples.blogspot.com/2022/09/idor-leads-to-removing-members-from-any.html,Vivek M,?,blog,true,?
183 | 2022-09-16,?,Cloning internal Google repos for fun and… info?,https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00,Luke Berner,https://www.linkedin.com/in/lucas-berner-89865339/,blog,true,https://web.archive.org/web/20221007012855/https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00
184 | 2022-09-22,0,Exploiting Distroless Images,https://www.form3.tech/blog/engineering/exploiting-distroless-images,Daniel Teixeira,https://twitter.com/TheRedOperator,blog,true,https://web.archive.org/web/20231022142438/https://www.form3.tech/blog/engineering/exploiting-distroless-images
185 | 2022-11-10,70000,Accidental $70k Google Pixel Lock Screen Bypass,https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/,David Schütz,https://twitter.com/xdavidhu,blog,true,https://web.archive.org/web/20221128160740/https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
186 | 2022-11-30,1337,"The space creators can still see the members of the space, even after they have been removed from the space.",https://web.archive.org/web/20221201043429/https://hopesamples.blogspot.com/2022/11/the-space-creators-can-still-see.html,Vivek M,?,blog,true,?
187 | 2022-12-26,107500,Turning Google smart speakers into wiretaps for $100k,https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html,Matt Kunze,https://downrightnifty.me/,blog,true,https://web.archive.org/web/20230226143328/https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
188 | 2022-12-26,20000,Few bugs in the google cloud shell,https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html,Obmi,https://bughunters.google.com/profile/40997bbc-945a-4eca-8408-eed302641c96,blog,true,https://web.archive.org/web/20231022065810/https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html
189 | 2023-01-06,2337,Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability,https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed,Borna Nematzadeh,https://twitter.com/LogicalHunter,blog,true,https://web.archive.org/web/20240107141036/https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed
190 | 2023-01-12,6000,SSH key injection in Google Cloud Compute Engine [Google VRP],https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,true,https://web.archive.org/web/20230705030603/https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/
191 | 2023-01-12,3133.7,Client-Side SSRF to Google Cloud Project Takeover [Google VRP],https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/,Sreeram KL,https://twitter.com/kl_sree,blog,true,https://web.archive.org/web/20231006115611/https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/
192 | 2023-01-13,3133.7,Bypassing authorization in Google Cloud Workstations [Google VRP],https://blog.stazot.com/ssh-key-injection-google-cloud/,Sivanesh Ashok,https://twitter.com/sivaneshashok,blog,true,https://web.archive.org/web/20231006115738/https://blog.stazot.com/ssh-key-injection-google-cloud/
193 | 2023-01-15,3133.7,XSS using postMessage in Google Cloud Theia notebooks [Google VRP],https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/,Sreeram KL,https://twitter.com/kl_sree,blog,true,https://web.archive.org/web/20231022091605/https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/
194 | 2023-01-22,?,How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon],https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900,Orwa Atyat,https://twitter.com/GodfatherOrwa,blog,true,https://web.archive.org/web/20231022091621/https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900
195 | 2023-02-05,?,I was able to see likes count even though it was hidden by the victim | YouTube App 16.15.35,https://web.archive.org/web/20230306174012/https://bloggerrando.blogspot.com/2023/02/06-2.html,R ando,https://twitter.com/Rando02355205,blog,true,?
196 | 2023-02-07,0,Google Meet Flaw — Join Any Organisation Call (Not an 0day but still acts as 0day) — Refused by GoogleVRP,https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403,Basavaraj Banakar,https://twitter.com/basu_banakar,blog,true,https://web.archive.org/web/20231008030116/https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403
197 | 2023-02-09,?,Broken Access Control can create Asset library whereas role access is billing + IDOR | Google Ads,https://medium.com/@ggilang1135/broken-access-control-can-create-asset-library-whereas-role-access-is-billing-idor-b1b632f2c281,Gilang Romadon,https://medium.com/@ggilang1135,blog,true,https://web.archive.org/web/20231115042624/https://medium.com/@ggilang1135/broken-access-control-can-create-asset-library-whereas-role-access-is-billing-idor-b1b632f2c281
198 | 2023-02-10,500,Information disclosure or GDPR breach? A Google tale…,https://medium.com/@lukeberner/information-disclosure-or-gdpr-breach-a-google-tale-f9e99fd5d648,Luke Berner,https://www.linkedin.com/in/lucas-berner-89865339/,blog,true,https://web.archive.org/web/20230226134624/https://medium.com/@lukeberner/information-disclosure-to-gdpr-breach-a-google-tale-f9e99fd5d648
199 | 2023-03-11,1837,CCAI XSS,https://ndevtk.github.io/writeups/2023/03/11/ccai/,NDevTK,https://x.com/ndevtk,blog,true,?
200 | 2023-03-13,5000,The Time I Hacked Google’s Manual Actions Database,https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/,Tom Anthony,https://twitter.com/TomAnthonySEO,blog,true,https://web.archive.org/web/20230511184950/https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/
201 | 2023-03-18,?,Exploiting aCropalypse: Recovering Truncated PNGs,https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html,David Buchanan,https://twitter.com/David3141593,blog,true,https://web.archive.org/web/20230727225338/https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
202 | 2023-03-28,?,The curl quirk that exposed Burp Suite & Google Chrome,https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome,Paul Mutton,https://twitter.com/paulmutton,blog,true,https://web.archive.org/web/20230615155314/https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome
203 | 2023-03-31,0,Unveiling the Secrets: My Journey of Hacking Google’s OSS,https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa,7h3h4ckv157,https://twitter.com/7h3h4ckv157,blog,true,https://web.archive.org/web/20230331125459/https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa?gi=7f01bb3a5730
204 | 2023-04-13,500,Remote Code Execution Vulnerability in Google They Are Not Willing To Fix,https://giraffesecurity.dev/posts/google-remote-code-execution/,Giraffe Security,https://giraffesecurity.dev/,blog,true,https://web.archive.org/web/20230728103039/https://giraffesecurity.dev/posts/google-remote-code-execution/
205 | 2023-04-18,?,How Material Security Uncovered a Vulnerability in the Gmail API,https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api,Material Security,https://twitter.com/material_sec,blog,true,https://web.archive.org/web/20231022075350/https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api
206 | 2023-04-20,?,"GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts",https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/,Astrix Security,https://twitter.com/AstrixSecurity,blog,true,https://web.archive.org/web/20231022143827/https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/
207 | 2023-06-09,6000,XSS in GMAIL Dynamic Email (AMP for Email),https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d,asdqw3,https://twitter.com/agamimaulana,blog,true,https://web.archive.org/web/20231020131516/https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d
208 | 2023-06-11,7500,googlesource.com access_token leak,https://ndevtk.github.io/writeups/2023/06/11/googlesource/,NDevTK,https://twitter.com/ndevtk,blog,true,https://web.archive.org/web/20231022075417/https://ndevtk.github.io/writeups/2023/06/11/googlesource/
209 | 2023-06-21,4133.7,Unveiling a Critical Authentication Bypass Vulnerability in Google Cloud API Gateway,https://securingbits.com/bypassing-google-cloud-api-gateway,Securing Bits,https://twitter.com/securing_bits,blog,true,https://web.archive.org/web/20231124094810/https://securingbits.com/bypassing-google-cloud-api-gateway
210 | 2023-06-23,1337,Insecure sandbox on Colaboratory,https://ndevtk.github.io/writeups/2023/06/23/outputframes/,NDevTK,https://x.com/ndevtk,blog,true,https://web.archive.org/web/20241113043030/https://ndevtk.github.io/writeups/2023/06/23/outputframes/
211 | 2023-06-30,?,Server-side Template Injection Leading to RCE on Google VRP,https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc,mizzleneupane,https://twitter.com/mizzle_neupane5,blog,true,https://web.archive.org/web/20231022075430/https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc
212 | 2023-07-03,500,Hunting for Nginx Alias Traversals in the wild,https://labs.hakaioffsec.com/nginx-alias-traversal/,Hakai Offensive Security,https://www.hakaioffensivesecurity.com/,blog,true,https://web.archive.org/web/20231022065829/https://labs.hakaioffsec.com/nginx-alias-traversal/
213 | 2023-07-07,0,A Journey Into Hacking Google Search Appliance,https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/,DEVCORE,https://twitter.com/d3vc0r3,blog,true,https://web.archive.org/web/20231022065848/https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/
214 | 2023-07-22,?,Hijacking Cloud CI/CD Systems for Fun and Profit,https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit,Divyanshu,https://twitter.com/gh0st_R1d3r_0x9,blog,true,https://web.archive.org/web/20231022075452/https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit
215 | 2023-08-18,18833.7,Google Extensions,https://ndevtk.github.io/writeups/2023/08/18/extensions/,NDevTK,https://twitter.com/ndevtk,blog,true,https://web.archive.org/web/20231008030139/https://ndevtk.github.io/writeups/2023/08/18/extensions/
216 | 2023-09-11,?,GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure,https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure,Ofir Balassiano,https://twitter.com/ofir_balassiano,blog,true,https://web.archive.org/web/20231022075518/https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure
217 | 2023-09-18,?,How i found an Stored XSS on Google Books,https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36,Sokol Çavdarbasha,https://twitter.com/sokolicav,blog,true,https://web.archive.org/web/20231020133727/https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36
218 | 2023-10-19,?,Google Cloud Vertex AI - Data Exfiltration Vulnerability Fixed in Generative AI Studio,https://embracethered.com/blog/posts/2023/google-gcp-generative-ai-studio-data-exfiltration-fixed/,Johann Rehberger,https://twitter.com/wunderwuzzi23,blog,true,https://web.archive.org/web/20231104051811/https://embracethered.com/blog/posts/2023/google-gcp-generative-ai-studio-data-exfiltration-fixed/
219 | 2023-11-02,?,ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services,https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services,Tenable,https://twitter.com/tenablesecurity,blog,true,https://web.archive.org/web/20231103110025/https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services
220 | 2023-11-14,10000,Uncovering a crazy privilege escalation from Chrome extensions,https://0x44.xyz/blog/cve-2023-4369/,Derin Eryilmaz,https://twitter.com/deryilz,blog,true,https://web.archive.org/web/20231114231353/https://0x44.xyz/blog/cve-2023-4369/
221 | 2023-11-14,?,Google VRP -[IDOR] Deleted Victim Data & Leaked,https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a,Gilang Romadon,https://medium.com/@ggilang1135,blog,true,https://web.archive.org/web/20231115042639/https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a
222 | 2024-03-04,50000,"We Hacked Google A.I. for $50,000",https://www.landh.tech/blog/20240304-google-hack-50000/,Lupin,https://twitter.com/0xLupin,blog,true,https://web.archive.org/web/20240730095124/https://www.landh.tech/blog/20240304-google-hack-50000/
223 | 2024-03-23,4133.7,Hacking the Giant: How I Discovered Google’s Vulnerability and Hall of Fame Recognition,https://medium.com/@hncaga/hacking-the-giant-how-i-discovered-googles-vulnerability-and-hall-of-fame-recognition-694a9c18684a,Henry N. Caga,https://twitter.com/hncaga,blog,true,https://web.archive.org/web/20240730095144/https://infosecwriteups.com/hacking-the-giant-how-i-discovered-googles-vulnerability-and-hall-of-fame-recognition-694a9c18684a?gi=b18ac2f90bb3
224 | 2024-04-15,7500,An Obscure Actions Workflow Vulnerability in Google’s Flank,https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/,Adnan Khan,https://twitter.com/adnanthekhan,blog,true,https://web.archive.org/web/20241113043141/https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/
225 | 2024-07-24,?,ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions,https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions,Liv Matan,https://twitter.com/terminatorLM,blog,true,https://web.archive.org/web/20241113141503/https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions
226 | 2024-07-26,?,Leaking All Users Google Drive Files,https://secreltyhiddenwriteups.blogspot.com/2024/07/leaking-all-users-google-drive-files.html,Cameron Vincent,https://twitter.com/secretlyhidden1,blog,true,https://web.archive.org/web/20241113043208/https://secreltyhiddenwriteups.blogspot.com/2024/07/leaking-all-users-google-drive-files.html
227 | 2024-07-31,?,Escalating Privileges in Google Cloud via Open Groups,https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-cloud-via-open-groups/,Thomas Elling,https://www.linkedin.com/in/thomaselling1/,blog,true,https://web.archive.org/web/20241113141534/https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-cloud-via-open-groups/
228 | 2024-08-01,3133.70,idx.google.com XSS,https://ndevtk.github.io/writeups/2024/08/01/projectidx/,NDevTK,https://x.com/ndevtk,blog,true,https://web.archive.org/web/20241113043233/https://ndevtk.github.io/writeups/2024/08/01/projectidx/
229 | 2024-08-01,14008.7,Android web attack surface,https://ndevtk.github.io/writeups/2024/08/01/awas/,NDevTK,https://x.com/ndevtk,blog,true,https://web.archive.org/web/20241113043343/https://ndevtk.github.io/writeups/2024/08/01/awas/
230 | 2024-08-02,1000,Chromium infra leak,https://ndevtk.github.io/writeups/2024/08/02/chromiuminfra/,NDevTK,https://x.com/ndevtk,blog,true,https://web.archive.org/web/20241113141604/https://ndevtk.github.io/writeups/2024/08/02/chromiuminfra/
231 | 2024-08-02,?,Supply Chain Attack on Chromium-BiDi and Puppeteer via GitHub Cache Poisoning,https://issues.chromium.org/issues/356905939,inspector-ambitious,https://twitter.com/inspector_amb,blog,true,https://web.archive.org/web/20241113141703/https://issues.chromium.org/issues/356905939
232 | 2024-08-04,?,How I Got Critical P2 Bug on Google,https://medium.com/@rhashibur75/how-i-got-critical-p2-bug-on-google-vrp-165017145af8,Kazi Hashibur Rahman,https://medium.com/@rhashibur75,blog,true,https://web.archive.org/web/20241113141721/https://medium.com/@rhashibur75/how-i-got-critical-p2-bug-on-google-vrp-165017145af8
233 | 2024-08-13,?,ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts,https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/,Yaron Avital,https://twitter.com/yaronavital,blog,true,?
234 | 2024-08-16,1337,Kicking Off the Apigee Security Series: Discovering Rhino’s Blind Spot,https://codesent.io/r/XvI,Nikita Markevich,https://www.linkedin.com/in/nikita-markevich-45a56a13a/,blog,true,https://web.archive.org/web/20241113043610/https://codesent.io/blog/code-sentinels-1/discovering-rhinos-blind-spot-1?utm_campaign=apigee_series&utm_source=Github&utm_medium=awesome-google-vrp-writeups
235 | 2024-08-24,1337,Exploiting Sandbox Escape Vulnerability in Apigee PythonScript Policy,https://codesent.io/r/N6Q,Nikita Markevich,https://www.linkedin.com/in/nikita-markevich-45a56a13a/,blog,true,https://web.archive.org/web/20241113043639/https://codesent.io/blog/code-sentinels-1/breaking-the-sandbox-2?utm_campaign=apigee_series&utm_source=Github&utm_medium=awesome-google-vrp-writeups
236 | 2024-08-26,500,[$500] How I was able to give verification badge to any YouTube channel and bypass needed requirements,https://vojtechcekal.medium.com/how-i-was-able-to-give-verification-badge-to-any-youtube-channel-and-bypass-needed-requirements-b88855afe4b7,Vojtech Cekal,https://vojtechcekal.medium.com/,blog,true,https://web.archive.org/web/20241113141953/https://vojtechcekal.medium.com/how-i-was-able-to-give-verification-badge-to-any-youtube-channel-and-bypass-needed-requirements-b88855afe4b7
237 | 2024-09-19,3133.70,Office Editing for Docs Sheets & Slides leak,https://ndevtk.github.io/writeups/2024/09/19/drive/,NDevTK,https://x.com/ndevtk,blog,true,https://web.archive.org/web/20241113142015/https://ndevtk.github.io/writeups/2024/09/19/drive/
238 | 2024-09-19,4133.7,Using YouTube to steal your files,https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/,Lyra Rebane,https://twitter.com/rebane2001,blog,true,https://web.archive.org/web/20241113142042/https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/
239 | 2024-09-25,4837,XS-Search on Google Photos,https://ndevtk.github.io/writeups/2024/09/25/photos/,NDevTK,https://x.com/ndevtk,blog,true,https://web.archive.org/web/20241113055313/https://ndevtk.github.io/writeups/2024/09/25/photos/
240 | 2024-11-11,?,Release-Drafter To google/accompanist Compromise: VRP Writeup,https://adnanthekhan.com/2024/11/11/release-drafter-to-google-accompanist-compromise-vrp-writeup/,Adnan Khan,https://twitter.com/adnanthekhan,blog,true,https://web.archive.org/web/20241113142116/https://adnanthekhan.com/2024/11/11/release-drafter-to-google-accompanist-compromise-vrp-writeup/
241 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Awesome Google VRP Writeups
2 | 🐛 A list of writeups from the Google VRP Bug Bounty program
3 |
4 | *\*writeups: **not just** writeups*
5 |
6 | **Follow [@gvrp_writeups](https://twitter.com/gvrp_writeups) on Twitter to get new writeups straight into your feed!**
7 |
8 | ## Contributing:
9 |
10 | If you know of any writeups/videos not listed in this repository, feel free to open a Pull Request.
11 |
12 | To add a new writeup, simply add a new line to `writeups.csv`:
13 | ```
14 | [YYYY-MM-DD],[bounty],[title],[url],[author-name],[author-url],[type],false,?
15 | ```
16 | *If a value is not available, write `?`.*
17 | *The value of `type` can either be `blog` or `video`.*
18 | *If any of the fields include a `,`, please wrap the value in double quotes (`"`), as the existing rows in `writeups.csv` do.*
19 | *Please keep the last two fields set to `false` and `?`. The automation will modify these fields.*
20 | *If available, set `author-url` to the author's Twitter URL, so the automation can @mention the author.*
21 |
22 | ## Writeups:
23 |
24 | ### 2024:
25 |
26 | - **[Nov 11 - $???]** [Release-Drafter To google/accompanist Compromise: VRP Writeup](https://adnanthekhan.com/2024/11/11/release-drafter-to-google-accompanist-compromise-vrp-writeup/)[*](https://web.archive.org/web/20241113142116/https://adnanthekhan.com/2024/11/11/release-drafter-to-google-accompanist-compromise-vrp-writeup/) by [Adnan Khan](https://twitter.com/adnanthekhan)
27 | - **[Sep 25 - $4,837]** [XS-Search on Google Photos](https://ndevtk.github.io/writeups/2024/09/25/photos/)[*](https://web.archive.org/web/20241113055313/https://ndevtk.github.io/writeups/2024/09/25/photos/) by [NDevTK](https://x.com/ndevtk)
28 | - **[Sep 19 - $3,133.7]** [Office Editing for Docs Sheets & Slides leak](https://ndevtk.github.io/writeups/2024/09/19/drive/)[*](https://web.archive.org/web/20241113142015/https://ndevtk.github.io/writeups/2024/09/19/drive/) by [NDevTK](https://x.com/ndevtk)
29 | - **[Sep 19 - $4,133.7]** [Using YouTube to steal your files](https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/)[*](https://web.archive.org/web/20241113142042/https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/) by [Lyra Rebane](https://twitter.com/rebane2001)
30 | - **[Aug 26 - $500]** [[$500] How I was able to give verification badge to any YouTube channel and bypass needed requirements](https://vojtechcekal.medium.com/how-i-was-able-to-give-verification-badge-to-any-youtube-channel-and-bypass-needed-requirements-b88855afe4b7)[*](https://web.archive.org/web/20241113141953/https://vojtechcekal.medium.com/how-i-was-able-to-give-verification-badge-to-any-youtube-channel-and-bypass-needed-requirements-b88855afe4b7) by [Vojtech Cekal](https://vojtechcekal.medium.com/)
31 | - **[Aug 24 - $1,337]** [Exploiting Sandbox Escape Vulnerability in Apigee PythonScript Policy](https://codesent.io/r/N6Q)[*](https://web.archive.org/web/20241113043639/https://codesent.io/blog/code-sentinels-1/breaking-the-sandbox-2?utm_campaign=apigee_series&utm_source=Github&utm_medium=awesome-google-vrp-writeups) by [Nikita Markevich](https://www.linkedin.com/in/nikita-markevich-45a56a13a/)
32 | - **[Aug 16 - $1,337]** [Kicking Off the Apigee Security Series: Discovering Rhino’s Blind Spot](https://codesent.io/r/XvI)[*](https://web.archive.org/web/20241113043610/https://codesent.io/blog/code-sentinels-1/discovering-rhinos-blind-spot-1?utm_campaign=apigee_series&utm_source=Github&utm_medium=awesome-google-vrp-writeups) by [Nikita Markevich](https://www.linkedin.com/in/nikita-markevich-45a56a13a/)
33 | - **[Aug 13 - $???]** [ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts](https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/)[*](#) by [Yaron Avital](https://twitter.com/yaronavital)
34 | - **[Aug 04 - $???]** [How I Got Critical P2 Bug on Google](https://medium.com/@rhashibur75/how-i-got-critical-p2-bug-on-google-vrp-165017145af8)[*](https://web.archive.org/web/20241113141721/https://medium.com/@rhashibur75/how-i-got-critical-p2-bug-on-google-vrp-165017145af8) by [Kazi Hashibur Rahman](https://medium.com/@rhashibur75)
35 | - **[Aug 02 - $1,000]** [Chromium infra leak](https://ndevtk.github.io/writeups/2024/08/02/chromiuminfra/)[*](https://web.archive.org/web/20241113141604/https://ndevtk.github.io/writeups/2024/08/02/chromiuminfra/) by [NDevTK](https://x.com/ndevtk)
36 | - **[Aug 02 - $???]** [Supply Chain Attack on Chromium-BiDi and Puppeteer via GitHub Cache Poisoning](https://issues.chromium.org/issues/356905939)[*](https://web.archive.org/web/20241113141703/https://issues.chromium.org/issues/356905939) by [inspector-ambitious](https://twitter.com/inspector_amb)
37 | - **[Aug 01 - $3,133.7]** [idx.google.com XSS](https://ndevtk.github.io/writeups/2024/08/01/projectidx/)[*](https://web.archive.org/web/20241113043233/https://ndevtk.github.io/writeups/2024/08/01/projectidx/) by [NDevTK](https://x.com/ndevtk)
38 | - **[Aug 01 - $14,008.7]** [Android web attack surface](https://ndevtk.github.io/writeups/2024/08/01/awas/)[*](https://web.archive.org/web/20241113043343/https://ndevtk.github.io/writeups/2024/08/01/awas/) by [NDevTK](https://x.com/ndevtk)
39 | - **[Jul 31 - $???]** [Escalating Privileges in Google Cloud via Open Groups](https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-cloud-via-open-groups/)[*](https://web.archive.org/web/20241113141534/https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-cloud-via-open-groups/) by [Thomas Elling](https://www.linkedin.com/in/thomaselling1/)
40 | - **[Jul 26 - $???]** [Leaking All Users Google Drive Files](https://secreltyhiddenwriteups.blogspot.com/2024/07/leaking-all-users-google-drive-files.html)[*](https://web.archive.org/web/20241113043208/https://secreltyhiddenwriteups.blogspot.com/2024/07/leaking-all-users-google-drive-files.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
41 | - **[Jul 24 - $???]** [ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions](https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions)[*](https://web.archive.org/web/20241113141503/https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions) by [Liv Matan](https://twitter.com/terminatorLM)
42 | - **[Apr 15 - $7,500]** [An Obscure Actions Workflow Vulnerability in Google’s Flank](https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/)[*](https://web.archive.org/web/20241113043141/https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/) by [Adnan Khan](https://twitter.com/adnanthekhan)
43 | - **[Mar 23 - $4,133.7]** [Hacking the Giant: How I Discovered Google’s Vulnerability and Hall of Fame Recognition](https://medium.com/@hncaga/hacking-the-giant-how-i-discovered-googles-vulnerability-and-hall-of-fame-recognition-694a9c18684a)[*](https://web.archive.org/web/20240730095144/https://infosecwriteups.com/hacking-the-giant-how-i-discovered-googles-vulnerability-and-hall-of-fame-recognition-694a9c18684a?gi=b18ac2f90bb3) by [Henry N. Caga](https://twitter.com/hncaga)
44 | - **[Mar 04 - $50,000]** [We Hacked Google A.I. for $50,000](https://www.landh.tech/blog/20240304-google-hack-50000/)[*](https://web.archive.org/web/20240730095124/https://www.landh.tech/blog/20240304-google-hack-50000/) by [Lupin](https://twitter.com/0xLupin)
45 |
46 | ### 2023:
47 |
48 | - **[Nov 14 - $10,000]** [Uncovering a crazy privilege escalation from Chrome extensions](https://0x44.xyz/blog/cve-2023-4369/)[*](https://web.archive.org/web/20231114231353/https://0x44.xyz/blog/cve-2023-4369/) by [Derin Eryilmaz](https://twitter.com/deryilz)
49 | - **[Nov 14 - $???]** [Google VRP -[IDOR] Deleted Victim Data & Leaked](https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a)[*](https://web.archive.org/web/20231115042639/https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a) by [Gilang Romadon](https://medium.com/@ggilang1135)
50 | - **[Nov 02 - $???]** [ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services](https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services)[*](https://web.archive.org/web/20231103110025/https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services) by [Tenable](https://twitter.com/tenablesecurity)
51 | - **[Oct 19 - $???]** [Google Cloud Vertex AI - Data Exfiltration Vulnerability Fixed in Generative AI Studio](https://embracethered.com/blog/posts/2023/google-gcp-generative-ai-studio-data-exfiltration-fixed/)[*](https://web.archive.org/web/20231104051811/https://embracethered.com/blog/posts/2023/google-gcp-generative-ai-studio-data-exfiltration-fixed/) by [Johann Rehberger](https://twitter.com/wunderwuzzi23)
52 | - **[Sep 18 - $???]** [How i found an Stored XSS on Google Books](https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36)[*](https://web.archive.org/web/20231020133727/https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36) by [Sokol Çavdarbasha](https://twitter.com/sokolicav)
53 | - **[Sep 11 - $???]** [GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure](https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure)[*](https://web.archive.org/web/20231022075518/https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure) by [Ofir Balassiano](https://twitter.com/ofir_balassiano)
54 | - **[Aug 18 - $18,833.7]** [Google Extensions](https://ndevtk.github.io/writeups/2023/08/18/extensions/)[*](https://web.archive.org/web/20231008030139/https://ndevtk.github.io/writeups/2023/08/18/extensions/) by [NDevTK](https://twitter.com/ndevtk)
55 | - **[Jul 22 - $???]** [Hijacking Cloud CI/CD Systems for Fun and Profit](https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit)[*](https://web.archive.org/web/20231022075452/https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit) by [Divyanshu](https://twitter.com/gh0st_R1d3r_0x9)
56 | - **[Jul 07 - $0]** [A Journey Into Hacking Google Search Appliance](https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/)[*](https://web.archive.org/web/20231022065848/https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/) by [DEVCORE](https://twitter.com/d3vc0r3)
57 | - **[Jul 03 - $500]** [Hunting for Nginx Alias Traversals in the wild](https://labs.hakaioffsec.com/nginx-alias-traversal/)[*](https://web.archive.org/web/20231022065829/https://labs.hakaioffsec.com/nginx-alias-traversal/) by [Hakai Offensive Security](https://www.hakaioffensivesecurity.com/)
58 | - **[Jun 30 - $???]** [Server-side Template Injection Leading to RCE on Google VRP](https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc)[*](https://web.archive.org/web/20231022075430/https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc) by [mizzleneupane](https://twitter.com/mizzle_neupane5)
59 | - **[Jun 23 - $1,337]** [Insecure sandbox on Colaboratory](https://ndevtk.github.io/writeups/2023/06/23/outputframes/)[*](https://web.archive.org/web/20241113043030/https://ndevtk.github.io/writeups/2023/06/23/outputframes/) by [NDevTK](https://x.com/ndevtk)
60 | - **[Jun 21 - $4,133.7]** [Unveiling a Critical Authentication Bypass Vulnerability in Google Cloud API Gateway](https://securingbits.com/bypassing-google-cloud-api-gateway)[*](https://web.archive.org/web/20231124094810/https://securingbits.com/bypassing-google-cloud-api-gateway) by [Securing Bits](https://twitter.com/securing_bits)
61 | - **[Jun 11 - $7,500]** [googlesource.com access_token leak](https://ndevtk.github.io/writeups/2023/06/11/googlesource/)[*](https://web.archive.org/web/20231022075417/https://ndevtk.github.io/writeups/2023/06/11/googlesource/) by [NDevTK](https://twitter.com/ndevtk)
62 | - **[Jun 09 - $6,000]** [XSS in GMAIL Dynamic Email (AMP for Email)](https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d)[*](https://web.archive.org/web/20231020131516/https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d) by [asdqw3](https://twitter.com/agamimaulana)
63 | - **[Apr 20 - $???]** [GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts](https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/)[*](https://web.archive.org/web/20231022143827/https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/) by [Astrix Security](https://twitter.com/AstrixSecurity)
64 | - **[Apr 18 - $???]** [How Material Security Uncovered a Vulnerability in the Gmail API](https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api)[*](https://web.archive.org/web/20231022075350/https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api) by [Material Security](https://twitter.com/material_sec)
65 | - **[Apr 13 - $500]** [Remote Code Execution Vulnerability in Google They Are Not Willing To Fix](https://giraffesecurity.dev/posts/google-remote-code-execution/)[*](https://web.archive.org/web/20230728103039/https://giraffesecurity.dev/posts/google-remote-code-execution/) by [Giraffe Security](https://giraffesecurity.dev/)
66 | - **[Mar 31 - $0]** [Unveiling the Secrets: My Journey of Hacking Google’s OSS](https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa)[*](https://web.archive.org/web/20230331125459/https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa?gi=7f01bb3a5730) by [7h3h4ckv157](https://twitter.com/7h3h4ckv157)
67 | - **[Mar 28 - $???]** [The curl quirk that exposed Burp Suite & Google Chrome](https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome)[*](https://web.archive.org/web/20230615155314/https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome) by [Paul Mutton](https://twitter.com/paulmutton)
68 | - **[Mar 18 - $???]** [Exploiting aCropalypse: Recovering Truncated PNGs](https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html)[*](https://web.archive.org/web/20230727225338/https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html) by [David Buchanan](https://twitter.com/David3141593)
69 | - **[Mar 13 - $5,000]** [The Time I Hacked Google’s Manual Actions Database](https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/)[*](https://web.archive.org/web/20230511184950/https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/) by [Tom Anthony](https://twitter.com/TomAnthonySEO)
70 | - **[Mar 11 - $1,837]** [CCAI XSS](https://ndevtk.github.io/writeups/2023/03/11/ccai/)[*](#) by [NDevTK](https://x.com/ndevtk)
71 | - **[Feb 10 - $500]** [Information disclosure or GDPR breach? A Google tale…](https://medium.com/@lukeberner/information-disclosure-or-gdpr-breach-a-google-tale-f9e99fd5d648)[*](https://web.archive.org/web/20230226134624/https://medium.com/@lukeberner/information-disclosure-to-gdpr-breach-a-google-tale-f9e99fd5d648) by [Luke Berner](https://www.linkedin.com/in/lucas-berner-89865339/)
72 | - **[Feb 09 - $???]** [Broken Access Control can create Asset library whereas role access is billing + IDOR | Google Ads](https://medium.com/@ggilang1135/broken-access-control-can-create-asset-library-whereas-role-access-is-billing-idor-b1b632f2c281)[*](https://web.archive.org/web/20231115042624/https://medium.com/@ggilang1135/broken-access-control-can-create-asset-library-whereas-role-access-is-billing-idor-b1b632f2c281) by [Gilang Romadon](https://medium.com/@ggilang1135)
73 | - **[Feb 07 - $0]** [Google Meet Flaw — Join Any Organisation Call (Not an 0day but still acts as 0day) — Refused by GoogleVRP](https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403)[*](https://web.archive.org/web/20231008030116/https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403) by [Basavaraj Banakar](https://twitter.com/basu_banakar)
74 | - **[Feb 05 - $???]** [I was able to see likes count even though it was hidden by the victim | YouTube App 16.15.35](https://web.archive.org/web/20230306174012/https://bloggerrando.blogspot.com/2023/02/06-2.html)[*](#) by [R Ando](https://twitter.com/Rando02355205)
75 | - **[Jan 22 - $???]** [How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon]](https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900)[*](https://web.archive.org/web/20231022091621/https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900) by [Orwa Atyat](https://twitter.com/GodfatherOrwa)
76 | - **[Jan 15 - $3,133.7]** [XSS using postMessage in Google Cloud Theia notebooks [Google VRP]](https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/)[*](https://web.archive.org/web/20231022091605/https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/) by [Sreeram KL](https://twitter.com/kl_sree)
77 | - **[Jan 13 - $3,133.7]** [Bypassing authorization in Google Cloud Workstations [Google VRP]](https://blog.stazot.com/ssh-key-injection-google-cloud/)[*](https://web.archive.org/web/20231006115738/https://blog.stazot.com/ssh-key-injection-google-cloud/) by [Sivanesh Ashok](https://twitter.com/sivaneshashok)
78 | - **[Jan 12 - $6,000]** [SSH key injection in Google Cloud Compute Engine [Google VRP]](https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/)[*](https://web.archive.org/web/20230705030603/https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/) by [Sivanesh Ashok](https://twitter.com/sivaneshashok)
79 | - **[Jan 12 - $3,133.7]** [Client-Side SSRF to Google Cloud Project Takeover [Google VRP]](https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/)[*](https://web.archive.org/web/20231006115611/https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/) by [Sreeram KL](https://twitter.com/kl_sree)
80 | - **[Jan 06 - $2,337]** [Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability](https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed)[*](https://web.archive.org/web/20240107141036/https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed) by [Borna Nematzadeh](https://twitter.com/LogicalHunter)
81 |
82 | ### 2022:
83 |
84 | - **[Dec 26 - $107,500]** [Turning Google smart speakers into wiretaps for $100k](https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html)[*](https://web.archive.org/web/20230226143328/https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html) by [Matt Kunze](https://downrightnifty.me/)
85 | - **[Dec 26 - $20,000]** [Few bugs in the google cloud shell](https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html)[*](https://web.archive.org/web/20231022065810/https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html) by [Obmi](https://bughunters.google.com/profile/40997bbc-945a-4eca-8408-eed302641c96)
86 | - **[Nov 30 - $1,337]** [The space creators can still see the members of the space, even after they have been removed from the space.](https://web.archive.org/web/20221201043429/https://hopesamples.blogspot.com/2022/11/the-space-creators-can-still-see.html)[*](#) by [Vivek M](#)
87 | - **[Nov 10 - $70,000]** [Accidental $70k Google Pixel Lock Screen Bypass](https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/)[*](https://web.archive.org/web/20221128160740/https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/) by [David Schütz](https://twitter.com/xdavidhu)
88 | - **[Sep 22 - $0]** [Exploiting Distroless Images](https://www.form3.tech/blog/engineering/exploiting-distroless-images)[*](https://web.archive.org/web/20231022142438/https://www.form3.tech/blog/engineering/exploiting-distroless-images) by [Daniel Teixeira](https://twitter.com/TheRedOperator)
89 | - **[Sep 16 - $???]** [Cloning internal Google repos for fun and… info?](https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00)[*](https://web.archive.org/web/20221007012855/https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00) by [Luke Berner](https://www.linkedin.com/in/lucas-berner-89865339/)
90 | - **[Sep 06 - $3,133.7]** [IDOR leads to removing members from any Google Chat Space.](https://web.archive.org/web/20220906173240/https://hopesamples.blogspot.com/2022/09/idor-leads-to-removing-members-from-any.html)[*](#) by [Vivek M](#)
91 | - **[Jul 26 - $8,133.7]** [Google Play and DevSite XSS](https://ndevtk.github.io/writeups/2022/07/26/google-xss/)[*](https://web.archive.org/web/20241113042147/https://ndevtk.github.io/writeups/2022/07/26/google-xss/) by [NDevTK](https://x.com/ndevtk)
92 | - **[Jun 09 - $???]** [How to download eBooks from Google Play Store without paying for them](https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79)[*](https://web.archive.org/web/20220625160226/https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79) by [Yess](https://twitter.com/Yess_2021xD)
93 | - **[Apr 23 - $1,337]** [Launching a Supply Chain Counterattack Against Google and OpenSSF](https://codemuch.tech/2022/04/23/supply-chain-counterattack/)[*](https://web.archive.org/web/20220511152343/https://codemuch.tech/2022/04/23/supply-chain-counterattack/) by [Alan Cao](https://twitter.com/AlanCao5)
94 | - **[Mar 25 - $0]** [Clipboard hazard with Google Sheets](https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907)[*](https://web.archive.org/web/20220511152331/https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
95 | - **[Mar 19 - $10,000]** [System environment variables leak on Google Chrome - Microsoft Edge and Opera](https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera)[*](https://web.archive.org/web/20220906194554/https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera) by [Maciej Pulikowski](https://twitter.com/pulik_io)
96 | - **[Mar 08 - $???]** [Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities](https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/)[*](https://web.archive.org/web/20220319113511/https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/) by [Unit 42](https://twitter.com/Unit42_Intel)
97 | - **[Feb 20 - $3,133.7]** [Send a Email and get kicked out of Google Groups - A Feature that almost broke Google Groups](https://sriram-offcl.medium.com/send-a-email-to-me-and-get-kicked-out-of-google-groups-29b5c2c60e95)[*](https://web.archive.org/web/20220319112448/https://infosecwriteups.com/send-a-email-to-me-and-get-kicked-out-of-google-groups-29b5c2c60e95?gi=2f818fa58c71) by [Sriram](https://twitter.com/sriramoffcl)
98 | - **[Feb 06 - $2,674]** [Auth Bypass in Google Assistant](https://feed.bugs.xdavidhu.me/bugs/0012)[*](https://web.archive.org/web/20220212220602/https://feed.bugs.xdavidhu.me/bugs/0012) by [David Schütz](https://twitter.com/xdavidhu)
99 | - **[Feb 06 - $1,337]** [Auth Bypass in com.google.android.googlequicksearchbox](https://feed.bugs.xdavidhu.me/bugs/0013)[*](https://web.archive.org/web/20220212220701/https://feed.bugs.xdavidhu.me/bugs/0013) by [David Schütz](https://twitter.com/xdavidhu)
100 | - **[Feb 02 - $???]** [How I Was Able To Track You Around The Globe!](https://bugs.0xdroopy.live/bugs/how-i-tracked-you-around-the-globe/)[*](https://web.archive.org/web/20220319112328/https://bugs.0xdroopy.live/bugs/how-i-tracked-you-around-the-globe/) by [Nikhil Kaushik](https://twitter.com/NikhilK50866227)
101 |
102 | ### 2021:
103 |
104 | - **[Dec 30 - $5,000]** [Email storage leaking ticket-attachment](https://ndevtk.github.io/writeups/2021/12/30/ticket-attachments/)[*](https://web.archive.org/web/20241113041822/https://ndevtk.github.io/writeups/2021/12/30/ticket-attachments/) by [NDevTK](https://x.com/ndevtk)
105 | - **[Dec 28 - $3,133.7]** [RCE in Google Cloud Dataflow](https://mbrancato.github.io/2021/12/28/rce-dataflow.html)[*](https://web.archive.org/web/20220108195326/https://mbrancato.github.io/2021/12/28/rce-dataflow.html) by [Mike Brancato](https://www.linkedin.com/in/mikebrancato/)
106 | - **[Dec 25 - $???]** [How I Saved Christmas For Google!](https://bugs.0xdroopy.live/bugs/how-i-saved-the-christmas-for-google/)[*](https://web.archive.org/web/20220319112033/https://bugs.0xdroopy.live/bugs/how-i-saved-the-christmas-for-google/) by [Nikhil Kaushik](https://twitter.com/NikhilK50866227)
107 | - **[Dec 21 - $5,000]** [Google Cloud Shell XSS](https://ndevtk.github.io/writeups/2021/12/30/cloud-shell-xss/)[*](https://web.archive.org/web/20231008030152/https://ndevtk.github.io/writeups/2021/12/30/cloud-shell-xss/) by [NDevTK](https://twitter.com/ndevtk)
108 | - **[Dec 05 - $6,267.4]** [SSRF vulnerability in AppSheet - Google VRP](https://nechudav.blogspot.com/2021/12/ssrf-vulnerability-in-appsheet-google.html)[*](https://web.archive.org/web/20211205190618/https://nechudav.blogspot.com/2021/12/ssrf-vulnerability-in-appsheet-google.html) by [David Nechuta](https://twitter.com/david_nechuta)
109 | - **[Nov 21 - $???]** [Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over](https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html)[*](https://web.archive.org/web/20240730094947/https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
110 | - **[Nov 17 - $10,401.1]** [Reacting to myself finding an SSRF vulnerability in Google Cloud](https://www.youtube.com/watch?v=UyemBjyQ4qA)[*](#) by [David Schütz](https://twitter.com/xdavidhu)
111 | - **[Nov 11 - $1,337]** [GOOGLE VRP BUG BOUNTY: /etc/environment local variables exfiltrated on Linux Google Earth Pro desktop app](https://omespino.com/write-up-google-vrp-bug-bounty-etc-environment-local-variables-exfiltrated-on-linux-google-earth-pro-desktop-app-1337-usd/)[*](https://web.archive.org/web/20211205222340/https://omespino.com/write-up-google-vrp-bug-bounty-etc-environment-local-variables-exfiltrated-on-linux-google-earth-pro-desktop-app-1337-usd/) by [Omar Espino](https://twitter.com/omespino)
112 | - **[Oct 24 - $7,500]** [A 7500$ Google sites IDOR](https://r0ckinxj3.wordpress.com/2021/10/24/a-7500-google-sites-idor/)[*](https://web.archive.org/web/20220212215914/https://r0ckinxj3.wordpress.com/2021/10/24/a-7500-google-sites-idor/) by [r0ckin](https://twitter.com/r0ckin_)
113 | - **[Oct 18 - $???]** [The Speckle Umbrella story — part 2](https://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea)[*](https://web.archive.org/web/20211106111937/https://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
114 | - **[Oct 14 - $0]** [GOOGLE VRP N/A: Arbitrary local file read (macOS) via <a> tag and null byte (%00) in Google Earth Pro Desktop app](https://omespino.com/write-up-google-vrp-n-a-arbitrary-local-file-read-macos-via-a-tag-and-null-byte-in-google-earth-pro-desktop-app/)[*](https://web.archive.org/web/20211106111614/https://omespino.com/write-up-google-vrp-n-a-arbitrary-local-file-read-macos-via-a-tag-and-null-byte-in-google-earth-pro-desktop-app/) by [Omar Espino](https://twitter.com/omespino)
115 | - **[Oct 11 - $0]** [Hacking YouTube With MP4](https://realkeyboardwarrior.github.io/security/2021/10/11/hacking-youtube.html)[*](https://web.archive.org/web/20211205180448/https://realkeyboardwarrior.github.io/security/2021/10/11/hacking-youtube.html) by [Florian Mathieu](https://twitter.com/Keyb0ardWarr10r)
116 | - **[Oct 08 - $25,401.1]** [4 Weird Google VRP Bugs in 40 Minutes - Hacktivity 2021](https://www.youtube.com/watch?v=nP_y-Z-FXr0)[*](#) by [David Schütz](https://twitter.com/xdavidhu)
117 | - **[Sep 28 - $???]** [Google Extensible Service Proxy v1 - CWE-287 Improper Authentication](https://seclists.org/fulldisclosure/2021/Sep/51)[*](https://web.archive.org/web/20211010181255/https://seclists.org/fulldisclosure/2021/Sep/51) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
118 | - **[Sep 10 - $1,337]** [Bypassing GCP Org Policy with Custom Metadata](https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html)[*](https://web.archive.org/web/20211106114030/https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html) by [Kat Traxler](https://twitter.com/NightmareJS)
119 | - **[Sep 06 - $4,133.7]** [2 CSRF 1 IDOR on Google Marketing Platform](https://apapedulimu.click/story-of-idor-on-google-product/)[*](https://web.archive.org/web/20231105080032/https://apapedulimu.click/story-of-idor-on-google-product/) by [Apapedulimu](https://twitter.com/LocalHost31337)
120 | - **[Aug 24 - $???]** [The Nomulus rift](https://irsl.medium.com/the-nomulus-rift-935a3c4d9300)[*](https://web.archive.org/web/20210824194209/https://irsl.medium.com/the-nomulus-rift-935a3c4d9300) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
121 | - **[Aug 23 - $???]** [Hey Google ! - Delete my Data Properly — #GoogleVRP](https://medium.com/techiepedia/hey-google-delete-my-data-properly-googlevrp-83349ca8e0e1)[*](https://web.archive.org/web/20211010181548/https://medium.com/techiepedia/hey-google-delete-my-data-properly-googlevrp-83349ca8e0e1) by [Sriram Kesavan](https://twitter.com/sriramoffcl/)
122 | - **[Jul 13 - $???]** [Unencrypted HTTP Links to Google Scholar in Search](https://feed.bugs.xdavidhu.me/bugs/0010)[*](https://web.archive.org/web/20211205190611/https://feed.bugs.xdavidhu.me/bugs/0010) by [David Schütz](https://twitter.com/xdavidhu)
123 | - **[Jul 08 - $0]** [IDOR on clientauthconfig.googleapis.com](https://feed.bugs.xdavidhu.me/bugs/0009)[*](https://web.archive.org/web/20211205190605/https://feed.bugs.xdavidhu.me/bugs/0009) by [David Schütz](https://twitter.com/xdavidhu)
124 | - **[Jun 25 - $???]** [Google Compute Engine (GCE) VM takeover via DHCP flood](https://github.com/irsl/gcp-dhcp-takeover-code-exec)[*](https://web.archive.org/web/20210628184722/https://github.com/irsl/gcp-dhcp-takeover-code-exec) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
125 | - **[Jun 16 - $???]** [Story of Google Hall of Fame and Private program bounty worth $$$$](https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468)[*](https://web.archive.org/web/20210628185104/https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468?gi=d4a3651a766a) by [Basavaraj Banakar](https://twitter.com/basu_banakar)
126 | - **[Jun 13 - $3,133.7]** [Privilege escalation on https://dialogflow.cloud.google.com](https://lalka-test.medium.com/google-vrp-privilege-escalation-on-https-dialogflow-cloud-google-com-599af6c4516d)[*](https://web.archive.org/web/20210614090237/https://medium.com/@lalka_test/google-vrp-privilege-escalation-on-https-dialogflow-cloud-google-com-599af6c4516d) by [lalka](https://twitter.com/0x01alka)
127 | - **[Jun 09 - $500]** [Author spoofing in Google Colaboratory](https://www.ehpus.com/post/author-spoofing-in-google-colaboratory)[*](https://web.archive.org/web/20210609191502/https://www.ehpus.com/post/author-spoofing-in-google-colaboratory) by [Zohar Shachar](https://www.linkedin.com/in/zohar-shachar/)
128 | - **[May 31 - $10,000]** [AppCache's forgotten tales](https://blog.lbherrera.me/posts/appcache-forgotten-tales/)[*](https://web.archive.org/web/20210601152111/https://blog.lbherrera.me/posts/appcache-forgotten-tales/) by [Luan Herrera](https://twitter.com/lbherrera_)
129 | - **[May 17 - $???]** [Clickjacking in Nearby Devices Dashboard](https://feed.bugs.xdavidhu.me/bugs/0005)[*](https://web.archive.org/web/20210517120128/https://feed.bugs.xdavidhu.me/bugs/0005) by [David Schütz](https://twitter.com/xdavidhu)
130 | - **[May 16 - $5,000]** [Auth Bypass in https://nearbydevices-pa.googleapis.com](https://feed.bugs.xdavidhu.me/bugs/0004)[*](https://web.archive.org/web/20210516220256/https://feed.bugs.xdavidhu.me/bugs/0004) by [David Schütz](https://twitter.com/xdavidhu)
131 | - **[May 05 - $???]** [How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit](https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html)[*](https://web.archive.org/web/20210507101404/https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html) by [Robert Grosse](https://www.reddit.com/user/Uncaffeinated/)
132 | - **[Apr 29 - $???]** [De-anonymising Anonymous Animals in Google Workspace](https://feed.bugs.xdavidhu.me/bugs/0003)[*](https://web.archive.org/web/20210429095111/https://feed.bugs.xdavidhu.me/bugs/0003) by [David Schütz](https://twitter.com/xdavidhu)
133 | - **[Apr 21 - $???]** [IDOR leads to how many likes that was hidden | Youtube](https://randobugbountywu.blogspot.com/2021/04/idor-leads-to-how-many-likes-that-was.html)[*](https://web.archive.org/web/20210601152051/https://randobugbountywu.blogspot.com/2021/04/idor-leads-to-how-many-likes-that-was.html) by [R Ando](https://twitter.com/Rando02355205)
134 | - **[Apr 20 - $???]** [Auth Bypass in Google Workspace Real Time Collaboration](https://feed.bugs.xdavidhu.me/bugs/0002)[*](https://web.archive.org/web/20210429095041/https://feed.bugs.xdavidhu.me/bugs/0002) by [David Schütz](https://twitter.com/xdavidhu)
135 | - **[Apr 13 - $1,337]** [Google Photos : Theft of Database & Arbitrary Files Android Vulnerability](https://servicenger.com/blog/mobile/google-photos-theft-of-database-arbitrary-files-android-vulnerability/)[*](https://web.archive.org/web/20210426171424/https://servicenger.com/blog/mobile/google-photos-theft-of-database-arbitrary-files-android-vulnerability/) by [Rahul Kankrale](https://twitter.com/RahulKankrale)
136 | - **[Apr 09 - $31,337]** [Explaining the exploit to $31,337 Google Cloud blind SSRF](https://www.youtube.com/watch?v=q0YgfwOndOw)[*](#) by [Bug Bounty Reports Explained](https://www.youtube.com/channel/UCZDyl7G-Lq-EMVO8PfDFp9g)
137 | - **[Apr 06 - $31,337]** [$31,337 Google Cloud blind SSRF + HANDS-ON labs](https://www.youtube.com/watch?v=ashSoc59z1Y)[*](#) by [Bug Bounty Reports Explained](https://www.youtube.com/channel/UCZDyl7G-Lq-EMVO8PfDFp9g)
138 | - **[Apr 05 - $6,000]** [I Built a TV That Plays All of Your Private YouTube Videos](https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/)[*](https://web.archive.org/web/20210426152923/https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/) by [David Schütz](https://twitter.com/xdavidhu)
139 | - **[Apr 02 - $100]** [Play a game, get Subscribed to my channel - YouTube Clickjacking Bug](https://infosecwriteups.com/play-a-game-get-subscribed-to-my-channel-youtube-clickjacking-bug-googlevrp-6ce1d15542d3)[*](https://web.archive.org/web/20210429095020/https://infosecwriteups.com/play-a-game-get-subscribed-to-my-channel-youtube-clickjacking-bug-googlevrp-6ce1d15542d3?gi=1b8e222195b) by [Sriram Kesavan](https://twitter.com/sriramoffcl)
140 | - **[Mar 22 - $5,000]** [File System Access API - vulnerabilities](https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome)[*](https://web.archive.org/web/20220906194544/https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome) by [Maciej Pulikowski](https://twitter.com/pulik_io)
141 | - **[Mar 21 - $???]** [How I made it to Google HOF?](https://infosecwriteups.com/how-i-made-it-to-google-hof-f1cec85fdb1b)[*](https://web.archive.org/web/20210426152901/https://infosecwriteups.com/how-i-made-it-to-google-hof-f1cec85fdb1b?gi=830e2567977d) by [Sudhanshu Rajbhar](https://twitter.com/sudhanshur705)
142 | - **[Mar 17 - $165,174]** [Hacking into Google's Network for $133,337](https://www.youtube.com/watch?v=g-JgA1hvJzA)[*](#) by [LiveOverflow](https://twitter.com/LiveOverflow/)
143 | - **[Mar 11 - $3,133.7]** [How I Get Blind XSS At Google With Dork (First Bounty and HOF )](https://apapedulimu.click/google-vrp-how-i-get-blind-xss-at-google-with-dork-first-bounty-and-hof/)[*](https://web.archive.org/web/20210426152641/https://apapedulimu.click/google-vrp-how-i-get-blind-xss-at-google-with-dork-first-bounty-and-hof/) by [Rio Mulyadi Pulungan](https://twitter.com/riomulyadi_)
144 | - **[Mar 08 - $0]** [Google VRP N/A: SSRF Bypass with Quadzero in Google Cloud Monitoring](https://omespino.com/write-up-google-vrp-n-a-ssrf-bypass-with-quadzero-in-google-cloud-monitoring/)[*](https://web.archive.org/web/20210426152353/https://omespino.com/write-up-google-vrp-n-a-ssrf-bypass-with-quadzero-in-google-cloud-monitoring/) by [Omar Espino](https://twitter.com/omespino)
145 | - **[Mar 08 - $5,000]** [$5,000 YouTube IDOR](https://www.youtube.com/watch?v=FzT3Z7tgDSQ)[*](#) by [Bug Bounty Reports Explained](https://www.youtube.com/channel/UCZDyl7G-Lq-EMVO8PfDFp9g)
146 | - **[Feb 28 - $???]** [Metadata service MITM allows root privilege escalation (EKS / GKE)](https://blog.champtar.fr/Metadata_MITM_root_EKS_GKE/)[*](https://web.archive.org/web/20210629160052/https://blog.champtar.fr/Metadata_MITM_root_EKS_GKE/) by [Etienne Champetier](https://twitter.com/champtar)
147 | - **[Feb 16 - $0]** [Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story)](https://irsl.medium.com/dropping-a-shell-in-googles-cloud-sql-the-speckle-umbrella-story-f9375bd4960d)[*](https://web.archive.org/web/20210426152305/https://irsl.medium.com/dropping-a-shell-in-googles-cloud-sql-the-speckle-umbrella-story-f9375bd4960d) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
148 | - **[Jan 31 - $5,000]** [Hacking YouTube to watch private videos?](https://www.youtube.com/watch?v=hV9CWw0yDA8)[*](#) by [Tech Raj](https://www.youtube.com/channel/UCY7t-zBYtdj6ZgiRpi3WIYg)
149 | - **[Jan 27 - $???]** [Hijacking Google Drive Files (documents, photo & video) through Google Docs Sharing](https://santuysec.id/2021/01/27/hijacking-google-drive-files-documents-photo-video-through-google-docs-sharing/)[*](https://web.archive.org/web/20210426152019/https://santuysec.id/2021/01/27/hijacking-google-drive-files-documents-photo-video-through-google-docs-sharing/) by [santuySec](https://twitter.com/santuySec)
150 | - **[Jan 25 - $5,000]** [This YouTube Backend API Leaks Private Videos](https://www.youtube.com/watch?v=rGx8DB2HsuI)[*](#) by [Hussein Nasser](https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg)
151 | - **[Jan 18 - $1,337]** [The Embedded YouTube Player Told Me What You Were Watching (and more)](https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/)[*](https://web.archive.org/web/20210426151731/https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/) by [David Schütz](https://twitter.com/xdavidhu)
152 | - **[Jan 11 - $5,000]** [Stealing Your Private YouTube Videos, One Frame at a Time](https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/)[*](https://web.archive.org/web/20210426154944/https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/) by [David Schütz](https://twitter.com/xdavidhu)
153 | - **[Jan 08 - $3,133.7]** [Blind XSS in Google Analytics Admin Panel — $3133.70](https://ashketchum.medium.com/blind-xss-in-google-analytics-admin-panel-3133-70-2185d1cce82a)[*](https://web.archive.org/web/20210426151612/https://ashketchum.medium.com/blind-xss-in-google-analytics-admin-panel-3133-70-2185d1cce82a) by [Ashish Dhone](https://www.linkedin.com/in/ashish-dhone-640489135/)
154 |
155 | ### 2020:
156 |
157 | - **[Dec 30 - $???]** [Getting my first Google VRP trophies](https://irsl.medium.com/getting-my-first-google-vrp-trophies-b56d700face)[*](https://web.archive.org/web/20210426151523/https://irsl.medium.com/getting-my-first-google-vrp-trophies-b56d700face) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
158 | - **[Dec 27 - $???]** [Google VRP Hijacking Google Docs Screenshots](https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/)[*](https://web.archive.org/web/20210426151431/https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/) by [Sreeram KL](https://blog.geekycat.in/author/sreeram/)
159 | - **[Dec 22 - $0]** [SSTI in Google Maps](https://www.ehpus.com/post/ssti-in-google-maps)[*](https://web.archive.org/web/20210426151335/https://www.ehpus.com/post/ssti-in-google-maps) by [Zohar Shachar](https://www.linkedin.com/in/zohar-shachar/)
160 | - **[Dec 21 - $0]** [remote code execution when open a project in android studio that google refused to fix](https://seclists.org/fulldisclosure/2020/Dec/43)[*](https://web.archive.org/web/20210426151314/https://seclists.org/fulldisclosure/2020/Dec/43) by [houjingyi](#)
161 | - **[Dec 19 - $0]** [Google VRP – Sandboxed RCE as root on Apigee API proxies](https://omespino.com/write-up-google-vrp-n-a-sandboxed-rce-as-root-on-apigee-api-proxies/)[*](https://web.archive.org/web/20210426151230/https://omespino.com/write-up-google-vrp-n-a-sandboxed-rce-as-root-on-apigee-api-proxies/) by [Omar Espino](https://twitter.com/omespino)
162 | - **[Nov 12 - $31,337]** [31k$ SSRF in Google Cloud Monitoring led to metadata exposure](https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html)[*](https://web.archive.org/web/20210426151128/https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html) by [David Nechuta](https://twitter.com/david_nechuta)
163 | - **[Oct 27 - $6,337]** [The YouTube bug that allowed unlisted uploads to any channel](https://infosecwriteups.com/the-youtube-bug-that-allowed-uploads-to-any-channel-3b41c7b7902a)[*](https://web.archive.org/web/20210426151058/https://infosecwriteups.com/the-youtube-bug-that-allowed-uploads-to-any-channel-3b41c7b7902a?gi=82b6e1c806bb) by [Ryan Kovatch](https://kovatch.medium.com/)
164 | - **[Oct 26 - $0]** [Deciphering Google’s mysterious ‘batchexecute’ system](https://kovatch.medium.com/deciphering-google-batchexecute-74991e4e446c)[*](https://web.archive.org/web/20210426151014/https://kovatch.medium.com/deciphering-google-batchexecute-74991e4e446c) by [Ryan Kovatch](https://kovatch.medium.com/)
165 | - **[Oct 15 - $???]** [CVE-2020-15157 "ContainerDrip" Write-up](https://darkbit.io/blog/cve-2020-15157-containerdrip)[*](https://web.archive.org/web/20220511152642/https://darkbit.io/blog/cve-2020-15157-containerdrip) by [Brad Geesaman](https://twitter.com/bradgeesaman)
166 | - **[Oct 08 - $30,000]** [The mass CSRFing of \*.google.com/\* products.](http://www.missoumsai.com/google-csrfs.html)[*](https://web.archive.org/web/20210426150958/https://imgur.com/3fvPuXW) by [Missoum Said](https://twitter.com/missoum1307)
167 | - **[Oct 01 - $5,000]** [Google bug bounty: XSS to Cloud Shell instance takeover (RCE as root) - $5,000 USD](https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/)[*](https://web.archive.org/web/20210426150845/https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/) by [Omar Espino](https://twitter.com/omespino)
168 | - **[Sep 29 - $???]** [Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts](https://websecblog.com/vulns/public-google-cloud-blog-bucket/)[*](https://web.archive.org/web/20210426150759/https://websecblog.com/vulns/public-google-cloud-blog-bucket/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
169 | - **[Sep 20 - $500]** [How I earned $500 from Google - Flaw in Authentication](https://medium.com/bugbountywriteup/how-i-earned-500-from-google-flaw-in-authentication-a40018c05616/)[*](https://web.archive.org/web/20210426150722/https://infosecwriteups.com/how-i-earned-500-from-google-flaw-in-authentication-a40018c05616?gi=a7363b706775) by [Hemant Patidar](https://twitter.com/HemantSolo)
170 | - **[Sep 10 - $15,000]** [Universal XSS in Android WebView (CVE-2020-6506)](https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/)[*](https://web.archive.org/web/20231026202309/https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/) by [Alesandro Ortiz](https://twitter.com/AlesandroOrtizR)
171 | - **[Sep 08 - $10,000]** [XSS->Fix->Bypass: 10000$ bounty in Google Maps](https://www.ehpus.com/post/xss-fix-bypass-10000-bounty-in-google-maps)[*](https://web.archive.org/web/20210426150640/https://www.ehpus.com/post/xss-fix-bypass-10000-bounty-in-google-maps) by [Zohar Shachar](https://www.linkedin.com/in/zohar-shachar/)
172 | - **[Sep 07 - $1,337]** [My first bug in google and how i got CSRF token for victim account rather than bypass it](https://medium.com/@odayalhalbe1/my-first-bug-in-google-and-how-i-got-csrf-token-for-victim-account-rather-than-bypass-it-1337-bf01261feb47)[*](https://web.archive.org/web/20210426150615/https://medium.com/@odayalhalbe1/my-first-bug-in-google-and-how-i-got-csrf-token-for-victim-account-rather-than-bypass-it-1337-bf01261feb47) by [Oday Alhalbe](https://bughunter.withgoogle.com/profile/91a2e03b-0b0d-422c-9cd6-aa2a2ae24b57)
173 | - **[Aug 26 - $???]** [Auth bypass: Leaking Google Cloud service accounts and projects](https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html)[*](https://web.archive.org/web/20210426150539/https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
174 | - **[Aug 25 - $1,337]** [How I Tracked Your Mother: Tracking Waze drivers using UI elements](https://www.malgregator.com/post/waze-how-i-tracked-your-mother/)[*](https://web.archive.org/web/20210426150447/https://www.malgregator.com/post/waze-how-i-tracked-your-mother/) by [Peter Gasper](https://github.com/viralpoetry)
175 | - **[Aug 22 - $???]** [The Short tale of two bugs on Google Cloud Product— Google VRP (Resolved)](https://medium.com/bugbountywriteup/the-short-tale-of-two-bugs-on-google-cloud-product-google-vrp-resolved-47c913dca8fc)[*](https://web.archive.org/web/20210426155551/https://medium.com/bugbountywriteup/the-short-tale-of-two-bugs-on-google-cloud-product-google-vrp-resolved-47c913dca8fc) by [Sriram Kesavan](https://twitter.com/sriramoffcl)
176 | - **[Aug 19 - $???]** [The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer](https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/)[*](https://web.archive.org/web/20210426150355/https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/) by [Allison Husain](https://twitter.com/ezhes_)
177 | - **[Aug 18 - $???]** [How to contact Google SRE: Dropping a shell in Cloud SQL](https://www.ezequiel.tech/2020/08/dropping-shell-in.html)[*](https://web.archive.org/web/20210426150212/https://www.ezequiel.tech/2020/08/dropping-shell-in.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
178 | - **[Aug 18 - $???]** [Three More Google Cloud Shell Bugs Explained](https://blog.daviddworken.com/posts/cloud-shell-bugs-explained/)[*](https://web.archive.org/web/20210426150303/https://blog.daviddworken.com/posts/cloud-shell-bugs-explained/) by [David Dworken](https://twitter.com/ddworken)
179 | - **[Aug 17 - $???]** [Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties](https://abss.me/posts/fcm-takeover/)[*](https://web.archive.org/web/20211106114016/https://abss.me/posts/fcm-takeover/) by [Abss](https://twitter.com/absshax)
180 | - **[Aug 15 - $???]** [How I was able to send Authentic Emails as others - Google VRP (Resolved)](https://medium.com/@sriram_offcl/how-i-was-able-to-send-authentic-emails-as-others-google-vrp-resolved-2af94295f326)[*](https://web.archive.org/web/20210426150142/https://infosecwriteups.com/how-i-was-able-to-send-authentic-emails-as-others-google-vrp-resolved-2af94295f326?gi=f5aa5ddfe308) by [Sriram Kesavan](https://www.twitter.com/sriramoffcl/)
181 | - **[Jul 31 - $4,133.7]** [Script Gadgets! Google Docs XSS Vulnerability Walkthrough](https://www.youtube.com/watch?v=aCexqB9qi70)[*](#) by [LiveOverflow](https://twitter.com/LiveOverflow/)
182 | - **[Jul 28 - $1,337]** [Authorization bypass in Google’s ticketing system (Google-GUTS)](https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system)[*](https://web.archive.org/web/20210426145929/https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system) by [Zohar Shachar](https://www.linkedin.com/in/zohar-shachar/)
183 | - **[Jul 17 - $5,000]** [Idor in google product](https://medium.com/@balook/idor-in-google-datastudio-google-com-f2fa51b763de)[*](https://web.archive.org/web/20210426145859/https://balook.medium.com/idor-in-google-datastudio-google-com-f2fa51b763de) by [baluz](https://twitter.com/critical_b0y)
184 | - **[Jul 14 - $6,267.4]** [Hunting postMessage Vulnerabilities](https://web.archive.org/web/20211016075506/https://insight.claranet.co.uk/technical-blogs/hunting-postmessage-vulnerabilities)[*](#) by [Gary O'leary-Steele](https://twitter.com/garyoleary)
185 | - **[Jun 15 - $3,133.7]** [SMTP Injection in Gsuite](https://www.ehpus.com/post/smtp-injection-in-gsuite)[*](https://web.archive.org/web/20210426145801/https://www.ehpus.com/post/smtp-injection-in-gsuite) by [Zohar Shachar](https://www.linkedin.com/in/zohar-shachar/)
186 | - **[Jun 06 - $500]** [How i earned $500 from google by change one character .](https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5)[*](https://web.archive.org/web/20210426145720/https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5) by [Oday Alhalbe](https://bughunter.withgoogle.com/profile/91a2e03b-0b0d-422c-9cd6-aa2a2ae24b57)
187 | - **[Jun 04 - $???]** [Privilege Escalation in Google Cloud Platform's OS Login](https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020)[*](https://web.archive.org/web/20210426145702/https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020) by [Chris Moberly](https://twitter.com/init_string)
188 | - **[Jun 04 - $???]** [Three Privilege Escalation Bugs in Google Cloud Platform’s OS Login](https://initblog.com/2020/oslogin-privesc/)[*](https://web.archive.org/web/20231124071907/https://initblog.com/2020/oslogin-privesc/) by [initstring](https://twitter.com/init_string)
189 | - **[May 21 - $31,337]** [RCE in Google Cloud Deployment Manager](https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html)[*](https://web.archive.org/web/20210426145643/https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
190 | - **[May 10 - $???]** [Bypassing Firebase authorization to create custom goo.gl subdomains](https://websecblog.com/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/)[*](https://web.archive.org/web/20210426145625/https://websecblog.com/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
191 | - **[May 08 - $4,133.7]** [Bypass XSS filter using HTML Escape](https://medium.com/@adonkidz7/bypass-xss-filter-using-html-escape-f2e06bebc8c3)[*](https://web.archive.org/web/20210426145550/https://medium.com/@adonkidz7/bypass-xss-filter-using-html-escape-f2e06bebc8c3) by [Syahri Ramadan](https://twitter.com/adonkidz7)
192 | - **[May 07 - $3,133.7]** [DOM-Based XSS at accounts.google.com by Google Voice Extension](http://www.missoumsai.com/google-accounts-xss.html)[*](https://web.archive.org/web/20210426145453/https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/run_prettify.js) by [Missoum Said](https://twitter.com/missoum1307)
193 | - **[May 07 - $???]** [Google Acquisition XSS (Apigee)](https://medium.com/@TnMch/google-acquisition-xss-apigee-5479d7b5dc4)[*](https://web.archive.org/web/20210426145510/https://medium.com/@TnMch/google-acquisition-xss-apigee-5479d7b5dc4) by [TnMch](https://twitter.com/TnMch_)
194 | - **[May 03 - $???]** [DOM XSS in Gmail with a little help from Chrome](https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/)[*](https://web.archive.org/web/20210426145435/https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/) by [Enguerran Gillier](https://twitter.com/opnsec)
195 | - **[Apr 30 - $6,267.4]** [Researching Polymorphic Images for XSS on Google Scholar](https://blog.doyensec.com/2020/04/30/polymorphic-images-for-xss.html)[*](https://web.archive.org/web/20210426145402/https://blog.doyensec.com/2020/04/30/polymorphic-images-for-xss.html) by [Lorenzo Stella](https://twitter.com/doyensec)
196 | - **[Mar 27 - $3,133.7]** [$3133.7 Google Bug Bounty Writeup- XSS Vulnerability!](https://pethuraj.com/blog/google-bug-bounty-writeup/)[*](https://web.archive.org/web/20210426145344/https://www.pethuraj.com/blog/google-bug-bounty-writeup/) by [Pethuraj M](https://twitter.com/itsmepethu)
197 | - **[Mar 11 - $100,000]** [$100k Hacking Prize - Security Bugs in Google Cloud Platform](https://www.youtube.com/watch?v=J2icGMocQds)[*](#) by [LiveOverflow](https://twitter.com/LiveOverflow/)
198 | - **[Mar 10 - $3,133.7]** [Cookie Tossing to RCE on Google Cloud JupyterLab](https://blog.s1r1us.ninja/research/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks)[*](https://web.archive.org/web/20211216174102/https://blog.s1r1us.ninja/research/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks) by [s1r1us](https://twitter.com/S1r1u5_)
199 | - **[Mar 08 - $6,000]** [The unexpected Google wide domain check bypass](https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/)[*](https://web.archive.org/web/20210426145128/https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/) by [David Schütz](https://twitter.com/xdavidhu)
200 | - **[Mar 07 - $5,000]** [Google Ads Self-XSS & Html Injection $5000](https://medium.com/@adonkidz7/google-ads-self-xss-html-injection-5000-52280da76c80)[*](https://web.archive.org/web/20210426145106/https://medium.com/@adonkidz7/google-ads-self-xss-html-injection-5000-52280da76c80) by [Syahri Ramadan](https://twitter.com/adonkidz7)
201 | - **[Jan 12 - $???]** [Information Disclosure Vulnerability in the Google Cloud Speech-to-Text API](https://www.dcine.com/2020/01/12/information-disclosure-vulnerability-in-the-google-cloud-speech-to-text-api/)[*](https://web.archive.org/web/20210426154851/https://www.dcine.com/2020/01/12/information-disclosure-vulnerability-in-the-google-cloud-speech-to-text-api/) by [Dan Maas](https://www.linkedin.com/in/dan-maas-66b2a045/)
202 |
203 | ### 2019:
204 |
205 | - **[Dec 30 - $3,133.7]** [How did I earn $3133.70 from Google Translator? (XSS)](https://medium.com/monetary/how-did-i-earn-3133-70-from-google-translator-9becf942dbdc)[*](https://web.archive.org/web/20210426145004/https://medium.com/monetary/how-did-i-earn-3133-70-from-google-translator-9becf942dbdc) by [Beri Bey](https://medium.com/@beribeys)
206 | - **[Dec 19 - $???]** [SSRF in Google Cloud Platform StackDriver](https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/)[*](https://web.archive.org/web/20210426144944/https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/) by [Ron Chan](https://twitter.com/ngalongc)
207 | - **[Dec 16 - $???]** [4 Google Cloud Shell bugs explained](https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/)[*](https://web.archive.org/web/20210426144926/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/) by [Wouter ter Maat](https://twitter.com/wtm_offensi)
208 | - **[Dec 15 - $5,000]** [The File uploading CSRF in Google Cloud Shell Editor](https://obmiblog.blogspot.com/2019/12/gcp-5k-file-uploading-csrf.html)[*](https://web.archive.org/web/20210426144654/https://obmiblog.blogspot.com/2019/12/gcp-5k-file-uploading-csrf.html) by [Obmi](https://bughunter.withgoogle.com/profile/40997bbc-945a-4eca-8408-eed302641c96)
209 | - **[Dec 15 - $5,000]** [The oauth token hijacking in Google Cloud Shell Editor](https://obmiblog.blogspot.com/2019/12/gcp-5k-oauth-token-hijack.html)[*](https://web.archive.org/web/20210426144818/https://obmiblog.blogspot.com/2019/12/gcp-5k-oauth-token-hijack.html) by [Obmi](https://bughunter.withgoogle.com/profile/40997bbc-945a-4eca-8408-eed302641c96)
210 | - **[Dec 15 - $5,000]** [The XSS ( type II ) in Google Cloud Shell Editor](https://obmiblog.blogspot.com/2019/12/gcp-5k-xss-type-ii.html)[*](https://web.archive.org/web/20210426144843/https://obmiblog.blogspot.com/2019/12/gcp-5k-xss-type-ii.html) by [Obmi](https://bughunter.withgoogle.com/profile/40997bbc-945a-4eca-8408-eed302641c96)
211 | - **[Dec 09 - $???]** [BlackAlps 2019: Google Bug Hunters](https://www.youtube.com/watch?v=DTXUMBc1zEc)[*](#) by [Eduardo Vela Nava](https://twitter.com/sirdarckcat)
212 | - **[Nov 29 - $1,337]** [Writeup for the 2019 Google Cloud Platform VRP Prize!](https://medium.com/@missoum1307/writeup-for-the-2019-google-cloud-platform-vrp-prize-4e104ef9f204)[*](https://web.archive.org/web/20210426144427/https://medium.com/@missoum1307/writeup-for-the-2019-google-cloud-platform-vrp-prize-4e104ef9f204) by [Missoum Said](https://twitter.com/missoum1307)
213 | - **[Nov 18 - $???]** [XSS in GMail’s AMP4Email via DOM Clobbering](https://research.securitum.com/xss-in-amp4email-dom-clobbering/)[*](https://web.archive.org/web/20210426144343/https://research.securitum.com/xss-in-amp4email-dom-clobbering/) by [Michał Bentkowski](https://twitter.com/SecurityMB)
214 | - **[Oct 01 - $5,000]** [Google Paid Me to Talk About a Security Issue!](https://www.youtube.com/watch?v=E-P9USG6kLs)[*](#) by [LiveOverflow](https://twitter.com/LiveOverflow/)
215 | - **[Sep 09 - $???]** [Combination of techniques lead to DOM Based XSS in Google](http://sasi2103.blogspot.com/2016/09/combination-of-techniques-lead-to-dom.html)[*](https://web.archive.org/web/20210426144125/https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css) by [Sasi Levi](https://twitter.com/sasi2103)
216 | - **[Aug 31 - $36,337]** [$36k Google App Engine RCE](https://www.ezequiel.tech/p/36k-google-app-engine-rce.html)[*](https://web.archive.org/web/20210426144056/https://www.ezequiel.tech/p/36k-google-app-engine-rce.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
217 | - **[Jul 20 - $13,337]** [Into the Borg – SSRF inside Google production network](https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/)[*](https://web.archive.org/web/20210426144037/https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/) by [Enguerran Gillier](https://twitter.com/opnsec)
218 | - **[Jul 10 - $???]** [Gsuite Hangouts Chat 5k IDOR](https://secreltyhiddenwriteups.blogspot.com/2018/07/gsuite-hangouts-chat-5k-idor.html)[*](https://web.archive.org/web/20210426144021/https://secreltyhiddenwriteups.blogspot.com/2018/07/gsuite-hangouts-chat-5k-idor.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
219 | - **[May 21 - $13,337]** [Google Bug Bounty: LFI on Production Servers in “springboard.google.com” – $13,337 USD](https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/)[*](https://web.archive.org/web/20210426143959/https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/) by [Omar Espino](https://twitter.com/omespino)
220 | - **[Apr 27 - $0]** [Broken Access: Posting to Google private groups through any user in the group](https://elbs.medium.com/broken-access-posting-to-google-private-groups-through-any-user-in-the-group-3becfa818894)[*](https://web.archive.org/web/20220319113457/https://elbs.medium.com/broken-access-posting-to-google-private-groups-through-any-user-in-the-group-3becfa818894) by [Elber Andre](https://twitter.com/elber333)
221 | - **[Apr 23 - $???]** [Best Of Google VRP 2018 | nullcon Goa 2019](https://www.youtube.com/watch?v=mJwZfRXs83M)[*](#) by [Daniel Stelter-Gliese](https://ch.linkedin.com/in/daniel-stelter-gliese-170a70a2)
222 | - **[Mar 31 - $???]** [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A)[*](#) by [LiveOverflow](https://twitter.com/LiveOverflow/)
223 | - **[Mar 29 - $0]** [Inserting arbitrary files into anyone’s Google Earth Projects Archive](https://websecblog.com/vulns/google-earth-studio-vulnerability/)[*](https://web.archive.org/web/20210426143537/https://websecblog.com/vulns/google-earth-studio-vulnerability/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
224 | - **[Mar 26 - $3,133.7]** [How I could have hijacked a victim’s YouTube notifications!](https://hackademic.co.in/youtube-bug/)[*](https://web.archive.org/web/20210426143444/https://hackademic.co.in/youtube-bug/) by [Yash Sodha](https://twitter.com/y_sodha)
225 | - **[Feb 12 - $???]** [Hacking YouTube for #fun and #profit](https://www.linkedin.com/pulse/hacking-youtube-fun-profit-alexandru-coltuneac/)[*](https://web.archive.org/web/20210426143407/https://www.linkedin.com/pulse/hacking-youtube-fun-profit-alexandru-coltuneac/) by [Alexandru Coltuneac](https://twitter.com/dekeeu)
226 | - **[Jan 31 - $???]** [LFI in Apigee portals](https://offensi.com/2019/01/31/lfi-in-apigee-portals/)[*](https://web.archive.org/web/20210426143319/https://offensi.com/2019/01/31/lfi-in-apigee-portals/) by [Wouter ter Maat](https://twitter.com/wtm_offensi)
227 | - **[Jan 30 - $7,500]** [$7.5k Google Cloud Platform organization issue](https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html)[*](https://web.archive.org/web/20210426143153/https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
228 | - **[Jan 25 - $3,133.7]** [How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)](https://medium.com/@lukeberner/how-i-abused-2fa-to-maintain-persistence-after-a-password-change-google-microsoft-instagram-7e3f455b71a1)[*](https://web.archive.org/web/20210714192039/https://medium.com/@lukeberner/how-i-abused-2fa-to-maintain-persistence-after-a-password-change-google-microsoft-instagram-7e3f455b71a1) by [Luke Berner](https://www.linkedin.com/in/lucas-berner-89865339/)
229 | - **[Jan 18 - $10,000]** [$10k host header](https://www.ezequiel.tech/p/10k-host-header.html)[*](https://web.archive.org/web/20210426143105/https://www.ezequiel.tech/p/10k-host-header.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
230 |
231 | ### 2018:
232 |
233 | - **[Dec 12 - $???]** [XSSing Google Code-in thanks to improperly escaped JSON data](https://websecblog.com/vulns/google-code-in-xss/)[*](https://web.archive.org/web/20210426143039/https://websecblog.com/vulns/google-code-in-xss/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
234 | - **[Dec 11 - $???]** [Clickjacking DOM XSS on Google.org](https://websecblog.com/vulns/clickjacking-xss-on-google-org/)[*](https://web.archive.org/web/20210426143010/https://websecblog.com/vulns/clickjacking-xss-on-google-org/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
235 | - **[Dec 05 - $500]** [Billion Laugh Attack in https://sites.google.com](https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html)[*](https://web.archive.org/web/20210426142956/https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html) by [Antonio Sanso](https://twitter.com/asanso)
236 | - **[Nov 25 - $???]** [XSS in Google's Acquisition](https://www.secjuice.com/google-hall-of-fame/)[*](https://web.archive.org/web/20210426142909/https://www.secjuice.com/google-hall-of-fame/) by [Abartan Dhakal](https://twitter.com/imhaxormad)
237 | - **[Nov 19 - $???]** [XS-Searching Google’s bug tracker to find out vulnerable source code](https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549)[*](https://web.archive.org/web/20210426142831/https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549) by [Luan Herrera](https://twitter.com/lbherrera_)
238 | - **[Nov 14 - $58,837]** [Google Cloud Platform vulnerabilities - BugSWAT](https://www.youtube.com/watch?v=9pviQ19njIs)[*](#) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
239 | - **[Nov 11 - $7,500]** [Clickjacking on Google MyAccount Worth 7,500$](https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/)[*](https://web.archive.org/web/20210426142610/https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/) by [Apapedulimu](https://twitter.com/LocalHost31337)
240 | - **[Oct 04 - $???]** [GoogleMeetRoulette: Joining random meetings](https://www.martinvigo.com/googlemeetroulette/)[*](https://web.archive.org/web/20210426142548/https://www.martinvigo.com/googlemeetroulette/) by [Martin Vigo](https://twitter.com/martin_vigo)
241 | - **[Sep 05 - $???]** [Reflected XSS in Google Code Jam](https://websecblog.com/vulns/reflected-xss-in-google-code-jam/)[*](https://web.archive.org/web/20210426142529/https://websecblog.com/vulns/reflected-xss-in-google-code-jam/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
242 | - **[Aug 22 - $???]** [Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org](https://websecblog.com/vulns/stored-xss-in-webcomponents-org/)[*](https://web.archive.org/web/20210426142509/https://websecblog.com/vulns/stored-xss-in-webcomponents-org/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
243 | - **[May 25 - $???]** [Waze remote vulnerabilities](http://blog.appscan.io/index.php/2018/05/25/waze-remote-vulnerability-technical-report/)[*](https://web.archive.org/web/20210426142449/https://platform.twitter.com/widgets.js) by [PanguTeam](https://twitter.com/PanguTeam)
244 | - **[Apr 06 - $5,000]** [Missing access control in Google play store](https://vishwarajbhattrai.wordpress.com/2019/06/03/missing-access-control-at-play-store/)[*](https://web.archive.org/web/20220906194012/https://vishwarajbhattrai.wordpress.com/2019/06/03/missing-access-control-at-play-store/) by [Vishwaraj Bhattrai](https://twitter.com/vishwaraj101)
245 | - **[Mar 31 - $5,000]** [$5k Service dependencies](https://www.ezequiel.tech/p/5k-service-dependencies.html)[*](https://web.archive.org/web/20210426142421/https://www.ezequiel.tech/p/5k-service-dependencies.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
246 | - **[Mar 28 - $???]** [Stored XSS on biz.waze.com](https://sites.google.com/securifyinc.com/vrp-writeups/waze/waze-xss)[*](https://web.archive.org/web/20210426142404/https://sites.google.com/securifyinc.com/vrp-writeups/waze/waze-xss) by [Rojan Rijal](https://twitter.com/mallocsys)
247 | - **[Mar 07 - $13,337]** [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html)[*](https://web.archive.org/web/20210426142313/https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html) by [Craig Arendt](https://twitter.com/signalchaos)
248 | - **[Feb 24 - $13,337]** [Bypassing Google’s authentication to access their Internal Admin panels](https://medium.com/bugbountywriteup/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3)[*](https://web.archive.org/web/20210426142233/https://infosecwriteups.com/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3?gi=7dceba0c0601) by [Vishnu Prasad P G](https://twitter.com/vishnuprasadnta)
249 | - **[Feb 19 - $???]** [Google bugs stories and the shiny pixelbook](https://bughunt1307.herokuapp.com/googlebugs.html)[*](https://web.archive.org/web/20210426142214/https://bughunt1307.herokuapp.com/googlebugs.html) by [Missoum Said](https://twitter.com/missoum1307)
250 | - **[Feb 14 - $7,500]** [$7.5k Google services mix-up](https://www.ezequiel.tech/p/75k-google-services-mix-up.html)[*](https://web.archive.org/web/20210426142153/https://www.ezequiel.tech/p/75k-google-services-mix-up.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
251 |
252 | ### 2017:
253 |
254 | - **[Oct 30 - $15,600]** [How I hacked Google’s bug tracking system itself for $15,600 in bounties](https://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5)[*](https://web.archive.org/web/20210426142116/https://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) by [Alex Birsan](https://twitter.com/alxbrsn)
255 | - **[Jun 21 - $???]** [nullcon Goa 2017 - Great Bugs In Google VRP In 2016](https://www.youtube.com/watch?v=zs_nEJ9fh_4)[*](#) by [Martin Straka and Karshan Sharma](https://nullcon.net/website/goa-2017/about-speakers.php)
256 | - **[Jun 08 - $???]** [RuhrSec 2017: Secrets of the Google Vulnerability Reward Program](https://www.youtube.com/watch?v=ueEsOnHJZ80)[*](#) by [Krzysztof Kotowicz](https://ch.linkedin.com/in/kkotowicz)
257 | - **[Mar 09 - $5,000]** [How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)](https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff)[*](https://web.archive.org/web/20210426154813/https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff) by [Marin Moulinier](https://github.com/marin-m)
258 | - **[Mar 01 - $???]** [Ok Google, Give Me All Your Internal DNS Information!](https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/)[*](https://web.archive.org/web/20210426141632/https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/) by [Julien Ahrens](https://twitter.com/MrTuxracer)
259 | - **[Feb 26 - $3,133.7]** [Exploiting Clickjacking Vulnerability To Steal User Cookies](https://jasminderpalsingh.info/exploiting-google-clickjacking-vulnerability-to-steal-user-cookies/)[*](https://web.archive.org/web/20210426141611/https://jasminderpalsingh.info/exploiting-google-clickjacking-vulnerability-to-steal-user-cookies/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
260 | - **[Jan 04 - $???]** [fastboot oem sha1sum](https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/)[*](https://web.archive.org/web/20210426141546/https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/) by [Roee Hay](https://twitter.com/roeehay)
261 |
262 | ### 2016:
263 |
264 | - **[Nov 29 - $???]** [War Stories from Google’s Vulnerability Reward Program](https://www.youtube.com/watch?v=QoE0M7v84ZU)[*](#) by [Gábor Molnár](https://twitter.com/molnar_g)
265 | - **[Oct 09 - $6,000]** [How I got 6000$ from #Google (Google Cloudshell RCE)](https://medium.com/@pranavvenkats/how-i-got-6000-from-google-a4670aa4158d)[*](https://web.archive.org/web/20211224124304/https://medium.com/@pranavvenkats/how-i-got-6000-from-google-a4670aa4158d) by [Pranav Venkat](https://twitter.com/PranavVenkatS)
266 | - **[Aug 26 - $500]** [$500 getClass](https://www.ezequiel.tech/p/500-getclass.html)[*](https://web.archive.org/web/20210426141327/https://www.ezequiel.tech/p/500-getclass.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
267 | - **[Feb 28 - $???]** [Stored, Reflected and DOM XSS in Google for Work Connect (GWC)](http://respectxss.blogspot.com/2016/02/stored-reflected-and-dom-xss-in-google.html)[*](#) by [Ashar Javed](https://twitter.com/soaj1664ashar)
268 |
269 | ### 2015:
270 |
271 | - **[Dec 08 - $???]** [Creative bug which result Stored XSS on m.youtube.com](http://sasi2103.blogspot.com/2015/12/creative-bug-which-result-stored-xss-on.html)[*](#) by [Sasi Levi](https://twitter.com/sasi2103)
272 | - **[Oct 29 - $???]** [XSS in YouTube Gaming](http://respectxss.blogspot.com/2015/10/xss-in-youtube-gaming.html)[*](#) by [Ashar Javed](https://twitter.com/soaj1664ashar)
273 | - **[Jun 26 - $3,133.7]** [Youtube Editor XSS Vulnerability](https://jasminderpalsingh.info/youtube-editor-stored-dom-based-and-self-executed-xss-vulnerability/)[*](https://web.archive.org/web/20210426141130/https://jasminderpalsingh.info/youtube-editor-stored-dom-based-and-self-executed-xss-vulnerability/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
274 |
275 | ### 2014:
276 |
277 | - **[Oct 31 - $5,000]** [The 5000$ Google XSS](https://blog.it-securityguard.com/bugbounty-the-5000-google-xss/)[*](https://web.archive.org/web/20210426141105/https://blog.it-securityguard.com/bugbounty-the-5000-google-xss/) by [Patrik Fehrenbach](https://twitter.com/itsecurityguard)
278 | - **[Oct 26 - $1,337]** [Youtube XSS Vulnerability (Stored -> Self Executed)](https://jasminderpalsingh.info/youtube-xss-vulnerability-stored-self-executed/)[*](https://web.archive.org/web/20210426141030/https://jasminderpalsingh.info/youtube-xss-vulnerability-stored-self-executed/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
279 | - **[Aug 13 - $???]** [I hate you, so I pawn your Google Open Gallery](https://blog.yappare.com/2014/08/i-hate-you-so-i-pawn-your-google-open.html)[*](https://web.archive.org/web/20210426141004/https://blog.yappare.com/2014/08/i-hate-you-so-i-pawn-your-google-open.html) by [Ahmad Ashraff](https://twitter.com/yappare)
280 | - **[Jan 10 - $???]** [Again, from Nay to Yay in Google Vulnerability Reward Program!](https://blog.yappare.com/2014/01/again-from-nay-to-yay-in-google.html)[*](https://web.archive.org/web/20210426140901/https://blog.yappare.com/2014/01/again-from-nay-to-yay-in-google.html) by [Ahmad Ashraff](https://twitter.com/yappare)
281 |
282 | ### 2013:
283 |
284 | - **[Sep 15 - $3,133.7]** [XSRF and Cookie manipulation on google.com](https://blog.miki.it/2013/9/15/xsrf-cookie-setting-google/)[*](https://web.archive.org/web/20210426140814/https://blog.miki.it/2013/9/15/xsrf-cookie-setting-google/) by [Michele Spagnuolo](https://twitter.com/mikispag)
285 | - **[Jul 08 - $???]** [Stored XSS in GMail](https://blog.miki.it/2013/7/8/stored-xss-in-gmail/)[*](https://web.archive.org/web/20210426140721/https://blog.miki.it/2013/7/8/stored-xss-in-gmail/) by [Michele Spagnuolo](https://twitter.com/mikispag)
286 |
287 | ### Unknown Date:
288 |
289 | - **[??? - $5,000]** [Google VRP : oAuth token stealing](http://bugdisclose.blogspot.com/2017/08/google-vrp-oauth-token-stealing.html)[*](https://web.archive.org/web/20210426134427/http://bugdisclose.blogspot.com/2017/08/google-vrp-oauth-token-stealing.html) by [Harsh Jaiswal](https://twitter.com/rootxharsh)
290 | - **[??? - $???]** [Unauth meetings access](https://sites.google.com/securifyinc.com/vrp-writeups/google-meet/authorization-bugs)[*](https://web.archive.org/web/20210426134719/https://sites.google.com/securifyinc.com/vrp-writeups/google-meet/authorization-bugs) by [Rojan Rijal](https://twitter.com/mallocsys)
291 | - **[??? - $???]** [XSS vulnerability in Google Cloud Shell’s code editor through mini-browser endpoint](https://ψ.fun/i/ZK9Kv)[*](https://web.archive.org/web/20210426134738/https://xn--9xa.fun/i/ZK9Kv) by [Psi](https://ψ.fun/)
292 | - **[??? - $???]** [Information leakage vulnerability in Google Cloud Shell’s proxy service](https://ψ.fun/i/KPMGz)[*](https://web.archive.org/web/20210426135117/https://xn--9xa.fun/i/KPMGz) by [Psi](https://ψ.fun/)
293 | - **[??? - $???]** [XSS vulnerability in Google Cloud Shell’s code editor through SVG files](https://ψ.fun/i/92uQC)[*](https://web.archive.org/web/20210426135226/https://xn--9xa.fun/i/92uQC) by [Psi](https://ψ.fun/)
294 | - **[??? - $???]** [CSWSH vulnerability in Google Cloud Shell’s code editor](https://ψ.fun/i/yvpMj)[*](https://web.archive.org/web/20210426135214/https://xn--9xa.fun/i/yvpMj) by [Psi](https://ψ.fun/)
295 | - **[??? - $3,133.7]** [Open redirects that matter](https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter)[*](https://web.archive.org/web/20210426135137/https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter) by [Tomasz Bojarski](https://bughunter.withgoogle.com/profile/c25fa487-a4df-4e2e-b877-4d31d8964b82)
296 | - **[??? - $???]** [Voice Squatting & Voice Masquerading Attack against Amazon Alexa and Google Home Actions](https://sites.google.com/site/voicevpasec/)[*](https://web.archive.org/web/20210426140434/https://sites.google.com/site/voicevpasec/) by [???](#)
297 | - **[??? - $???]** [Blind XSS against a Googler](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/blind-xss)[*](https://web.archive.org/web/20210426135137/https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/blind-xss) by [Rojan Rijal](https://twitter.com/mallocsys)
298 | - **[??? - $???]** [Multiple XSSs on hire.withgoogle.com](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/xsses)[*](https://web.archive.org/web/20210426140538/https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/xsses) by [Rojan Rijal](https://twitter.com/mallocsys)
299 | - **[??? - $???]** [Auth Issues on hire.withgoogle.com](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues)[*](https://web.archive.org/web/20210426140604/https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues) by [Rojan Rijal](https://twitter.com/mallocsys)
300 | - **[??? - $???]** [G Suite - Device Management XSS](https://sites.google.com/securifyinc.com/vrp-writeups/gsuite/bookmark-xss-device-management)[*](https://web.archive.org/web/20210426140631/https://sites.google.com/securifyinc.com/vrp-writeups/gsuite/bookmark-xss-device-management) by [Rojan Rijal](https://twitter.com/mallocsys)
301 |
--------------------------------------------------------------------------------