diff --git a/writeups.csv b/writeups.csv index 8910fd1..4053dee 100644 --- a/writeups.csv +++ b/writeups.csv 
@@ -189,6 +189,7 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url 2023-01-22,?,How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon],https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900,Orwa Atyat,https://twitter.com/GodfatherOrwa,blog,true,https://web.archive.org/web/20231022091621/https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900 2023-02-05,?,I was able to see likes count even though it was hidden by the victim | YouTube App 16.15.35,https://web.archive.org/web/20230306174012/https://bloggerrando.blogspot.com/2023/02/06-2.html,R ando,https://twitter.com/Rando02355205,blog,true,? 2023-02-07,0,Google Meet Flaw — Join Any Organisation Call (Not an 0day but still acts as 0day) — Refused by GoogleVRP,https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403,Basavaraj Banakar,https://twitter.com/basu_banakar,blog,true,https://web.archive.org/web/20231008030116/https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403 +2023-02-09,?,"Broken Access Control can create Asset library whereas role access is billing + IDOR | Google Ads",https://medium.com/@ggilang1135/broken-access-control-can-create-asset-library-whereas-role-access-is-billing-idor-b1b632f2c281,Gilang Romadon,https://medium.com/@ggilang1135,blog,false,? 2023-02-10,500,Information disclosure or GDPR breach? 
A Google tale…,https://medium.com/@lukeberner/information-disclosure-or-gdpr-breach-a-google-tale-f9e99fd5d648,Luke Berner,https://www.linkedin.com/in/lucas-berner-89865339/,blog,true,https://web.archive.org/web/20230226134624/https://medium.com/@lukeberner/information-disclosure-to-gdpr-breach-a-google-tale-f9e99fd5d648 2023-03-13,5000,The Time I Hacked Google’s Manual Actions Database,https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/,Tom Anthony,https://twitter.com/TomAnthonySEO,blog,true,https://web.archive.org/web/20230511184950/https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/ 2023-03-18,?,Exploiting aCropalypse: Recovering Truncated PNGs,https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html,David Buchanan,https://twitter.com/David3141593,blog,true,https://web.archive.org/web/20230727225338/https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html 
@@ -209,3 +210,4 @@ date,bounty,title,url,author,author-url,type,tweeted,archive-url 2023-10-19,?,Google Cloud Vertex AI - Data Exfiltration Vulnerability Fixed in Generative AI Studio,https://embracethered.com/blog/posts/2023/google-gcp-generative-ai-studio-data-exfiltration-fixed/,Johann Rehberger,https://twitter.com/wunderwuzzi23,blog,true,https://web.archive.org/web/20231104051811/https://embracethered.com/blog/posts/2023/google-gcp-generative-ai-studio-data-exfiltration-fixed/ 2023-11-02,?,ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services,https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services,Tenable,https://twitter.com/tenablesecurity,blog,true,https://web.archive.org/web/20231103110025/https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services 2023-11-14,10000,Uncovering a crazy privilege escalation from Chrome extensions,https://0x44.xyz/blog/cve-2023-4369/,Derin Eryilmaz,https://twitter.com/deryilz,blog,true,https://web.archive.org/web/20231114231353/https://0x44.xyz/blog/cve-2023-4369/ +2023-11-14,?,"Google VRP -[IDOR] Deleted Victim Data & Leaked",https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a,Gilang Romadon,https://medium.com/@ggilang1135,blog,false,?
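Review bot: In the first hunk (@@ -189,6 +189,7 @@), the added 2023-02-09 row leaves archive-url as `?`, while the context rows directly around it (2023-02-07 and 2023-02-10) both carry a web.archive.org snapshot. The write-up is hosted on Medium, so if the post is later removed the entry has no fallback. Capture a snapshot and put its URL in the last column before merging. The title is also wrapped in double quotes although it contains no comma, and the neighbouring rows leave comma-free titles unquoted. Dropping the quotes would keep the file consistent.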
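Review bot: In the second hunk (@@ -209,3 +210,4 @@), the title field of the added 2023-11-14 row is quoted ("Google VRP -[IDOR] Deleted Victim Data & Leaked") even though it has no comma, unlike the three unquoted context rows above it. Either drop the quotes or confirm that whatever reads writeups.csv parses quoted fields, so the quotes do not end up in the displayed title. The row also ends in `?` for archive-url where all three context rows have a snapshot. Adding one here would match them. Placement after the existing 2023-11-14 entry keeps the date order intact.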