🐛 A list of writeups from the Google VRP Bug Bounty program
*writeups: not just writeups
If you have/know of any Google writeups not listed in this repository, feel free to open a Pull Request. Please try to sort the writeups by publication date.
The template to follow when adding new writeups:
If the bounty amount is not available, write $???
If no Twitter account is available, try finding something similar, such as another social media page or a website.
David Schütz, Alex Birsan, Dan Maas, wis4nggeni, Thomas Orlita, CaptainFreak, Akshansh Jaiswal, Nihal, Sriram, Nosa Shandy, Peter Gasper, Abartan Dhakal, Syahri Ramadan, Omar Espino
Thank you! 🎉
- [Dec 22 - $0] SSTI in Google Maps by Zohar Shacha
- [Dec 19 - $0] Google VRP – Sandboxed RCE as root on Apigee API proxies by Omar Espino
- [Nov 12 - $31,337] 31k$ SSRF in Google Cloud Monitoring led to metadata exposure by David Nechuta
- [Oct 08 - $30,000] The mass CSRFing of *.google.com/* products. by Missoum Said
- [Oct 01 - $5,000] Google bug bounty: XSS to Cloud Shell instance takeover (RCE as root) - $5,000 USD by Omar Espino
- [Sept 29 - $???] Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts by Thomas Orlita
- [Sept 20 - $500] How I earned $500 from Google - Flaw in Authentication by Hemant Patidar
- [Sept 08 - $10,000] XSS->Fix->Bypass: 10000$ bounty in Google Maps by Zohar Shacha
- [Aug 26 - $???] Auth bypass: Leaking Google Cloud service accounts and projects by Ezequiel Pereira
- [Aug 25 - $1,337] How I Tracked Your Mother: Tracking Waze drivers using UI elements by Peter Gasper
- [Aug 22 - $???] The Short tale of two bugs on Google Cloud Product— Google VRP [Resolved] by Sriram
- [Aug 19 - $???] The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer by Allison Husain
- [Aug 18 - $???] How to contact Google SRE: Dropping a shell in Cloud SQL by Ezequiel Pereira
- [Aug 18 - $???] Three More Google Cloud Shell Bugs Explained by David Dworken
- [Aug 15 - $???] How I was able to send Authentic Emails as others - Google VRP [Resolved] by Sriram
- [July 28 - $1,337] Authorization bypass in Google’s ticketing system (Google-GUTS) by Zohar Shacha
- [July 17 - $5,000] Idor in google product by baluz
- [June 15 - $3,133.7] SMTP Injection in Gsuite by Zohar Shacha
- [June 6 - $500] How i earned $500 from google by change one character . by Oday Alhalbe
- [June 4 - $???] Privilege Escalation in Google Cloud Platform's OS Login by Chris Moberly
- [May 21 - $31,337] RCE in Google Cloud Deployment Manager by Ezequiel Pereira
- [May 10 - $???] Bypassing Firebase authorization to create custom goo.gl subdomains by Thomas Orlita
- [May 8 - $4133.70] Bypass XSS filter using HTML Escape by Syahri Ramadan
- [May 7 - $3,133.7] DOM-Based XSS at accounts.google.com by Google Voice Extension by Missoum Said
- [May 7 - $???] Google Acquisition XSS (Apigee) by TnMch
- [May 3 - $???] DOM XSS in Gmail with a little help from Chrome by Enguerran Gillier
- [Apr 30 - $6,267.4] Researching Polymorphic Images for XSS on Google Scholar by Lorenzo Stella
- [March 27 - $3,133.7] $3133.7 Google Bug Bounty Writeup- XSS Vulnerability! by Pethuraj M
- [March 7 - $5,000] Google Ads Self-XSS & Html Injection $5000 by Syahri Ramadan
- [March 8 - $6,000] The unexpected Google wide domain check bypass by David Schütz
- [Jan 12 - $???] Information Disclosure Vulnerability in the Google Cloud Speech-to-Text API by Dan Maas
- [Dec 30 - $3,133.7] How did I earn $3133.70 from Google Translator? (XSS) by Beri Bey
- [Dec 19 - $???] SSRF in Google Cloud Platform StackDriver by Ron Chan
- [Dec 16 - $???] 4 Google Cloud Shell bugs explained by Wouter ter Maat
- [Dec 15 - $5,000] The File uploading CSRF in Google Cloud Shell Editor by Obmi
- [Dec 15 - $5,000] The oauth token hijacking in Google Cloud Shell Editor by Obmi
- [Dec 15 - $5,000] The XSS ( type II ) in Google Cloud Shell Editor by Obmi
- [Nov 29 - $1,337] Writeup for the 2019 Google Cloud Platform VRP Prize! by Missoum Said
- [Nov 18 - $???] XSS in GMail’s AMP4Email via DOM Clobbering by Michał Bentkowski
- [Sep 09 - $???] Combination of techniques lead to DOM Based XSS in Google by Sasi Levi
- [Aug 31 - $36,337] $36k Google App Engine RCE by Ezequiel Pereira
- [July 20 - $13,337] Into the Borg – SSRF inside Google production network by Enguerran Gillier
- [July 10 - $???] Gsuite Hangouts Chat 5k IDOR by Cameron Vincent
- [May 21 - $13,337] Google Bug Bounty: LFI on Production Servers in “springboard.google.com” – $13,337 USD by Omar Espino
- [March 29 - $0] Inserting arbitrary files into anyone’s Google Earth Projects Archive by Thomas Orlita
- [March 26 - $3,133.7] How I could have hijacked a victim’s YouTube notifications! by Yash Sodha
- [Feb 12 - $???] Hacking YouTube for #fun and #profit by Alexandru Coltuneac
- [Jan 31 - $???] LFI in Apigee portals by Wouter ter Maat
- [Jan 30 - $7,500] $7.5k Google Cloud Platform organization issue by Ezequiel Pereira
- [Jan 18 - $10,000] $10k host header by Ezequiel Pereira
- [Dec 12 - $???] XSSing Google Code-in thanks to improperly escaped JSON data by Thomas Orlita
- [Dec 11 - $???] Clickjacking DOM XSS on Google.org by Thomas Orlita
- [Dec 05 - $500] Billion Laugh Attack in https://sites.google.com by Antonio Sanso
- [Nov 19 - $???] XS-Searching Google’s bug tracker to find out vulnerable source code by Luan Herrera
- [Nov 25 - $???] XSS in Google's Acquisition by Abartan Dhakal
- [Nov 11 - $7,500] Clickjacking on Google MyAccount Worth 7,500$ by Apapedulimu
- [Oct 04 - $???] GoogleMeetRoulette: Joining random meetings by Martin Vigo
- [Sep 05 - $???] Reflected XSS in Google Code Jam by Thomas Orlita
- [Aug 22 - $???] Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org by Thomas Orlita
- [Aug - $???] Unauth meetings access by Rojan Rijal
- [May 25 - $???] Waze remote vulnerabilities by PanguTeam
- [March 31 - $5,000] $5k Service dependencies by Ezequiel Pereira
- [March 28 - $???] Stored XSS on biz.waze.com by Rojan Rijal
- [Mar 07 - $13,337] Stored XSS, and SSRF in Google using the Dataset Publishing Language by Craig Arendt
- [Feb 24 - $13,337] Bypassing Google’s authentication to access their Internal Admin panels by Vishnu Prasad P G
- [Feb 19 - $???] Google bugs stories and the shiny pixelbook by Missoum Said
- [Feb 14 - $7,500] $7.5k Google services mix-up by Ezequiel Pereira
- [Oct 30 - $15,600] How I hacked Google’s bug tracking system itself for $15,600 in bounties by Alex Birsan
- [Aug - $5,000] Google VRP : oAuth token stealing by Harsh Jaiswal
- [Mar 09 - $5,000] How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) by Marin Moulinier
- [Feb 26 - $3,133.7] Exploiting Clickjacking Vulnerability To Steal User Cookies by Jasminder Pal Singh
- [Jan - $???] Ok Google, Give Me All Your Internal DNS Information! by Julien Ahrens
- [Jan 04 - $???] fastboot oem sha1sum by Roee Hay
- [Aug 26 - $500] $500 getClass by Ezequiel Pereira
- [Feb 28 - $???] Stored, Reflected and DOM XSS in Google for Work Connect (GWC) by Ashar Javed
- [Dec 8 - $???] Creative bug which result Stored XSS on m.youtube.com by Sasi Levi
- [Oct 29 - $???] XSS in YouTube Gaming by Ashar Javed
- [June 26 - $3,133.7] Youtube Editor XSS Vulnerability by Jasminder Pal Singh
- [Oct 31 - $5,000] The 5000$ Google XSS by Patrik Fehrenbach
- [Oct 26 - $1,337] Youtube XSS Vulnerability [Stored -> Self Executed] by Jasminder Pal Singh
- [Jan 10 - $???] Again, from Nay to Yay in Google Vulnerability Reward Program! by Ahmad Ashraff
- [Aug 13 - $???] I hate you, so I pawn your Google Open Gallery by Ahmad Ashraff
- [Sep 15 - $3,133.7] XSRF and Cookie manipulation on google.com by Michele Spagnuolo
- [July 08 - $???] Stored XSS in GMail
- [??? - $???] XSS vulnerability in Google Cloud Shell’s code editor through mini-browser endpoint by Psi
- [??? - $???] Information leakage vulnerability in Google Cloud Shell’s proxy service by Psi
- [??? - $???] XSS vulnerability in Google Cloud Shell’s code editor through SVG files by Psi
- [??? - $???] CSWSH vulnerability in Google Cloud Shell’s code editor by Psi
- [??? - $3,133.7] Open redirects that matter by Tomasz Bojarski
- [??? - $???] Voice Squatting & Voice Masquerading Attack against Amazon Alexa and Google Home Actions by ???
- [??? - $???] Blind XSS against a Googler by Rojan Rijal
- [??? - $???] Multiple XSSs on hire.withgoogle.com by Rojan Rijal
- [??? - $???] Auth Issues on hire.withgoogle.com by Rojan Rijal
- [??? - $???] G Suite - Device Management XSS by Rojan Rijal
- [2020 Jul 31] Script Gadgets! Google Docs XSS Vulnerability Walkthrough by LiveOverflow
- $100k Hacking Prize - Security Bugs in Google Cloud Platform by LiveOverflow
- Google Bug Hunters by Eduardo Vela Nava
- Best Of Google VRP 2018 by Daniel Stelter-Gliese
- Great Bugs In Google VRP In 2016 by Martin Straka and Karshan Sharma
- Google Cloud Platform vulnerabilities by Ezequiel Pereira
- Google Paid Me to Talk About a Security Issue! by LiveOverflow
- War Stories from Google’s Vulnerability Reward Program by Gábor Molnár
- Secrets of the Google Vulnerability Reward Program by Krzysztof Kotowicz
- XSS on Google Search - Sanitizing HTML in The Client? by LiveOverflow