A compilation of the best writeups from the Google Bug Bounty rewards program (Google VRP)
https://github.com/xdavidhu/awesome-google-vrp-writeups
# Awesome Google VRP Writeups
🐛 A list of writeups from the Google VRP Bug Bounty program
*\*writeups: **not just** writeups*
## Contributing:
If you have or know of any Google writeups not listed in this repository, feel free to open a Pull Request. If the writeup is new, add it to the top of the list; if it is not, add it to the end.
The template to follow when adding new writeups:
```
- [TITLE](URL) by [NAME](TWITTER_URL)
```
*If no Twitter account is available, try finding something similar, such as another social media page or a website.*
### Contributors:
[David Schütz](https://twitter.com/xdavidhu), [Alex Birsan](https://twitter.com/alxbrsn), `YOUR_NAME_HERE`
Thank you! 🎉
## Blog posts:
- [$36k Google App Engine RCE](https://www.ezequiel.tech/p/36k-google-app-engine-rce.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [How I hacked Google’s bug tracking system itself for $15,600 in bounties](https://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) by [Alex Birsan](https://twitter.com/alxbrsn)
- [XSS in GMail’s AMP4Email via DOM Clobbering](https://research.securitum.com/xss-in-amp4email-dom-clobbering/) by [Michał Bentkowski](https://twitter.com/SecurityMB)
- [$10k host header](https://www.ezequiel.tech/p/10k-host-header.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Into the Borg – SSRF inside Google production network](https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/) by [Enguerran Gillier](https://twitter.com/opnsec)
- [SSRF in Google Cloud Platform StackDriver](https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/) by [Ron Chan](https://twitter.com/ngalongc)
- [$7.5k Google services mix-up](https://www.ezequiel.tech/p/75k-google-services-mix-up.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Google Bug Bounty: LFI on Production Servers in “springboard.google.com” – $13,337 USD](https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/) by [Omar Espino](https://twitter.com/omespino)
- [Bypassing Google’s authentication to access their Internal Admin panels](https://medium.com/bugbountywriteup/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3) by [Vishnu Prasad P G](https://twitter.com/vishnuprasadnta)
- [Creative bug which result Stored XSS on m.youtube.com](http://sasi2103.blogspot.com/2015/12/creative-bug-which-result-stored-xss-on.html) by [Sasi Levi](https://twitter.com/sasi2103)
- [$7.5k Google Cloud Platform organization issue](https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Gsuite Hangouts Chat 5k IDOR](https://secreltyhiddenwriteups.blogspot.com/2018/07/gsuite-hangouts-chat-5k-idor.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
- [$5k Service dependencies](https://www.ezequiel.tech/p/5k-service-dependencies.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Open redirects that matter](https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter) by [Tomasz Bojarski](https://bughunter.withgoogle.com/profile/c25fa487-a4df-4e2e-b877-4d31d8964b82)
- [Google VRP : oAuth token stealing](http://bugdisclose.blogspot.com/2017/08/google-vrp-oauth-token-stealing.html) by [Harsh Jaiswal](https://twitter.com/rootxharsh)
- [Combination of techniques lead to DOM Based XSS in Google](http://sasi2103.blogspot.com/2016/09/combination-of-techniques-lead-to-dom.html) by [Sasi Levi](https://twitter.com/sasi2103)
- [Unauth meetings access](https://sites.google.com/securifyinc.com/vrp-writeups/google-meet/authorization-bugs) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Deleting/Altering All Google Cloud Budget Monitors](https://secreltyhiddenwriteups.blogspot.com/2019/12/deletingaltering-all-google-cloud.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
- [Youtube Editor XSS Vulnerability](https://jasminderpalsingh.info/youtube-editor-stored-dom-based-and-self-executed-xss-vulnerability/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [Google bugs stories and the shiny pixelbook](https://bughunt1307.herokuapp.com/googlebugs.html) by [Missoum Said](https://twitter.com/missoum1307)
- [$500 getClass](https://www.ezequiel.tech/p/500-getclass.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Google Webmaster Markup Helper Framed Application XSS](https://jasminderpalsingh.info/google-webmaster-markup-helper-framed-application-xss/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [Voice Squatting & Voice Masquerading Attack against Amazon Alexa and Google Home Actions](https://sites.google.com/site/voicevpasec/) by

- [Stored XSS on biz.waze.com](https://sites.google.com/securifyinc.com/vrp-writeups/waze/waze-xss) by [Rojan Rijal](https://twitter.com/mallocsys)
- [XSSing Google Code-in thanks to improperly escaped JSON data](https://appio.dev/vulns/google-code-in-xss/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Writeup for the 2019 Google Cloud Platform VRP Prize!](https://medium.com/@missoum1307/writeup-for-the-2019-google-cloud-platform-vrp-prize-4e104ef9f204) by [Missoum Said](https://twitter.com/missoum1307)
- [Blind XSS against a Googler](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/blind-xss) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Youtube XSS Vulnerability [Stored -> Self Executed]](https://jasminderpalsingh.info/youtube-xss-vulnerability-stored-self-executed/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [How I could have hijacked a victim’s YouTube notifications!](https://hackademic.co.in/youtube-bug/) by [Yash Sodha](https://twitter.com/y_sodha)
- [Bypassing Firebase authorization to create custom goo.gl subdomains](https://appio.dev/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Multiple XSSs on hire.withgoogle.com](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/xsses) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Reflected XSS in Google Code Jam](https://appio.dev/vulns/reflected-xss-in-google-code-jam/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Auth Issues on hire.withgoogle.com](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Waze remote vulnerabilities](http://blog.appscan.io/index.php/2018/05/25/waze-remote-vulnerability-technical-report/) by [PanguTeam](https://twitter.com/PanguTeam)
- [Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org](https://appio.dev/vulns/stored-xss-in-webcomponents-org/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [G Suite - Device Management XSS](https://sites.google.com/securifyinc.com/vrp-writeups/gsuite/bookmark-xss-device-management) by [Rojan Rijal](https://twitter.com/mallocsys)
- [XSS in YouTube Gaming](http://respectxss.blogspot.com/2015/10/xss-in-youtube-gaming.html) by [Ashar Javed](https://twitter.com/soaj1664ashar)
- [Exploiting Clickjacking Vulnerability To Steal User Cookies](https://jasminderpalsingh.info/exploiting-google-clickjacking-vulnerability-to-steal-user-cookies/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [Inserting arbitrary files into anyone’s Google Earth Projects Archive](https://appio.dev/vulns/google-earth-studio-vulnerability/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Stored, Reflected and DOM XSS in Google for Work Connect (GWC)](http://respectxss.blogspot.com/2016/02/stored-reflected-and-dom-xss-in-google.html) by [Ashar Javed](https://twitter.com/soaj1664ashar)
- [Clickjacking DOM XSS on Google.org](https://appio.dev/vulns/clickjacking-xss-on-google-org/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Billion Laugh Attack in https://sites.google.com](https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html) by [Antonio Sanso](https://twitter.com/asanso)
- [Again, from Nay to Yay in Google Vulnerability Reward Program!](https://blog.yappare.com/2014/01/again-from-nay-to-yay-in-google.html) by [Ahmad Ashraff](https://twitter.com/yappare)
- [I hate you, so I pawn your Google Open Gallery](https://blog.yappare.com/2014/08/i-hate-you-so-i-pawn-your-google-open.html) by [Ahmad Ashraff](https://twitter.com/yappare)
- [XSRF and Cookie manipulation on google.com](https://blog.miki.it/2013/9/15/xsrf-cookie-setting-google/) by [Michele Spagnuolo](https://twitter.com/mikispag)
- [The 5000$ Google XSS](https://blog.it-securityguard.com/bugbounty-the-5000-google-xss/) by [Patrik Fehrenbach](https://twitter.com/itsecurityguard)
## Videos:
- [Best Of Google VRP 2018](https://www.youtube.com/watch?v=mJwZfRXs83M) by [Daniel Stelter-Gliese](https://ch.linkedin.com/in/daniel-stelter-gliese-170a70a2)
- [Great Bugs In Google VRP In 2016](https://www.youtube.com/watch?v=zs_nEJ9fh_4) by [Martin Straka and Karshan Sharma](https://nullcon.net/website/goa-2017/about-speakers.php)
- [Google Cloud Platform vulnerabilities](https://www.youtube.com/watch?v=9pviQ19njIs) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Google Paid Me to Talk About a Security Issue!](https://www.youtube.com/watch?v=E-P9USG6kLs) by [LiveOverflow](https://twitter.com/LiveOverflow/)
- [War Stories from Google’s Vulnerability Reward Program](https://www.youtube.com/watch?v=QoE0M7v84ZU) by [Gábor Molnár](https://twitter.com/molnar_g)
- [Secrets of the Google Vulnerability Reward Program](https://www.youtube.com/watch?v=ueEsOnHJZ80) by [Krzysztof Kotowicz](https://ch.linkedin.com/in/kkotowicz)
- [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A) by [LiveOverflow](https://twitter.com/LiveOverflow/)