Los mejores writeups del progama de Google Bug bounty (GoogleVRP)

[hkm]

compilado de los mejores writeup del programa de recompensas del progama de Google Bug bounty (GoogleVRP) https://github.com/xdavidhu/awesome-google-vrp-writeups


# Awesome Google VRP Writeups
🐛 A list of writeups from the Google VRP Bug Bounty program

*\*writeups: **not just** writeups*

## Contributing:

If you have/know of any Google writeups not listed in this repository, feel free to open a Pull Request. If the writeup is new, add it to the top of the list, if it is not, to the end.

The template to follow when adding new writeups:
```
- [TITLE](URL) by [NAME](TWITTER_URL)
```
*If no Twitter account is available, try finding something similar, like other social media page or website.*

### Contributors:
[David Schütz](https://twitter.com/xdavidhu), [Alex Birsan](https://twitter.com/alxbrsn), `YOUR_NAME_HERE`

Thank you! 🎉

## Blog posts:
- [$36k Google App Engine RCE](https://www.ezequiel.tech/p/36k-google-app-engine-rce.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [How I hacked Google’s bug tracking system itself for $15,600 in bounties](https://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) by [Alex Birsan](https://twitter.com/alxbrsn)
- [XSS in GMail’s AMP4Email via DOM Clobbering](https://research.securitum.com/xss-in-amp4email-dom-clobbering/) by [Michał Bentkowski](https://twitter.com/SecurityMB)
- [$10k host header](https://www.ezequiel.tech/p/10k-host-header.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Into the Borg – SSRF inside Google production network](https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/) by [Enguerran Gillier](https://twitter.com/opnsec)
- [SSRF in Google Cloud Platform StackDriver](https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/) by [Ron Chan](https://twitter.com/ngalongc)
- [$7.5k Google services mix-up](https://www.ezequiel.tech/p/75k-google-services-mix-up.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Google Bug Bounty: LFI on Production Servers in “springboard.google.com” – $13,337 USD](https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/) by [Omar Espino](https://twitter.com/omespino)
- [Bypassing Google’s authentication to access their Internal Admin panels](https://medium.com/bugbountywriteup/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3) by [Vishnu Prasad P G](https://twitter.com/vishnuprasadnta)
- [Creative bug which result Stored XSS on m.youtube.com](http://sasi2103.blogspot.com/2015/12/creative-bug-which-result-stored-xss-on.html) by [Sasi Levi](https://twitter.com/sasi2103)
- [$7.5k Google Cloud Platform organization issue](https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Gsuite Hangouts Chat 5k IDOR](https://secreltyhiddenwriteups.blogspot.com/2018/07/gsuite-hangouts-chat-5k-idor.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
- [$5k Service dependencies](https://www.ezequiel.tech/p/5k-service-dependencies.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Open redirects that matter](https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter) by [Tomasz Bojarski](https://bughunter.withgoogle.com/profile/c25fa487-a4df-4e2e-b877-4d31d8964b82)
- [Google VRP : oAuth token stealing](http://bugdisclose.blogspot.com/2017/08/google-vrp-oauth-token-stealing.html) by [Harsh Jaiswal](https://twitter.com/rootxharsh)
- [Combination of techniques lead to DOM Based XSS in Google](http://sasi2103.blogspot.com/2016/09/combination-of-techniques-lead-to-dom.html) by [Sasi Levi](https://twitter.com/sasi2103)
- [Unauth meetings access](https://sites.google.com/securifyinc.com/vrp-writeups/google-meet/authorization-bugs) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Deleting/Altering All Google Cloud Budget Monitors](https://secreltyhiddenwriteups.blogspot.com/2019/12/deletingaltering-all-google-cloud.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
- [Youtube Editor XSS Vulnerability](https://jasminderpalsingh.info/youtube-editor-stored-dom-based-and-self-executed-xss-vulnerability/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [Google bugs stories and the shiny pixelbook](https://bughunt1307.herokuapp.com/googlebugs.html) by [Missoum Said](https://twitter.com/missoum1307)
- [$500 getClass](https://www.ezequiel.tech/p/500-getclass.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Google Webmaster Markup Helper Framed Application XSS](https://jasminderpalsingh.info/google-webmaster-markup-helper-framed-application-xss/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [Voice Squatting & Voice Masquerading Attack against Amazon Alexa and Google Home Actions](https://sites.google.com/site/voicevpasec/) by
- [Stored XSS on biz.waze.com](https://sites.google.com/securifyinc.com/vrp-writeups/waze/waze-xss) by [Rojan Rijal](https://twitter.com/mallocsys)
- [XSSing Google Code-in thanks to improperly escaped JSON data](https://appio.dev/vulns/google-code-in-xss/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Writeup for the 2019 Google Cloud Platform VRP Prize!](https://medium.com/@missoum1307/writeup-for-the-2019-google-cloud-platform-vrp-prize-4e104ef9f204) by [Missoum Said](https://twitter.com/missoum1307)
- [Blind XSS against a Googler](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/blind-xss) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Youtube XSS Vulnerability [Stored -> Self Executed]](https://jasminderpalsingh.info/youtube-xss-vulnerability-stored-self-executed/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [How I could have hijacked a victim’s YouTube notifications!](https://hackademic.co.in/youtube-bug/) by [Yash Sodha](https://twitter.com/y_sodha)
- [Bypassing Firebase authorization to create custom goo.gl subdomains](https://appio.dev/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Multiple XSSs on hire.withgoogle.com](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/xsses) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Reflected XSS in Google Code Jam](https://appio.dev/vulns/reflected-xss-in-google-code-jam/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Auth Issues on hire.withgoogle.com](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues) by [Rojan Rijal](https://twitter.com/mallocsys)
- [Waze remote vulnerabilities](http://blog.appscan.io/index.php/2018/05/25/waze-remote-vulnerability-technical-report/) by [PanguTeam](https://twitter.com/PanguTeam)
- [Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org](https://appio.dev/vulns/stored-xss-in-webcomponents-org/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [G Suite - Device Management XSS](https://sites.google.com/securifyinc.com/vrp-writeups/gsuite/bookmark-xss-device-management) by [Rojan Rijal](https://twitter.com/mallocsys)
- [XSS in YouTube Gaming](http://respectxss.blogspot.com/2015/10/xss-in-youtube-gaming.html) by [Ashar Javed](https://twitter.com/soaj1664ashar)
- [Exploiting Clickjacking Vulnerability To Steal User Cookies](https://jasminderpalsingh.info/exploiting-google-clickjacking-vulnerability-to-steal-user-cookies/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- [Inserting arbitrary files into anyone’s Google Earth Projects Archive](https://appio.dev/vulns/google-earth-studio-vulnerability/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Stored, Reflected and DOM XSS in Google for Work Connect (GWC)](http://respectxss.blogspot.com/2016/02/stored-reflected-and-dom-xss-in-google.html) by [Ashar Javed](https://twitter.com/soaj1664ashar)
- [Clickjacking DOM XSS on Google.org](https://appio.dev/vulns/clickjacking-xss-on-google-org/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- [Billion Laugh Attack in https://sites.google.com](https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html) by [Antonio Sanso](https://twitter.com/asanso)
- [Again, from Nay to Yay in Google Vulnerability Reward Program!](https://blog.yappare.com/2014/01/again-from-nay-to-yay-in-google.html) by [Ahmad Ashraff](https://twitter.com/yappare)
- [I hate you, so I pawn your Google Open Gallery](https://blog.yappare.com/2014/08/i-hate-you-so-i-pawn-your-google-open.html) by [Ahmad Ashraff](https://twitter.com/yappare)
- [XSRF and Cookie manipulation on google.com](https://blog.miki.it/2013/9/15/xsrf-cookie-setting-google/) by [Michele Spagnuolo](https://twitter.com/mikispag)
- [The 5000$ Google XSS](https://blog.it-securityguard.com/bugbounty-the-5000-google-xss/) by [Patrik Fehrenbach](https://twitter.com/itsecurityguard)

## Videos:
- [Best Of Google VRP 2018](https://www.youtube.com/watch?v=mJwZfRXs83M) by [Daniel Stelter-Gliese](https://ch.linkedin.com/in/daniel-stelter-gliese-170a70a2)
- [Great Bugs In Google VRP In 2016](https://www.youtube.com/watch?v=zs_nEJ9fh_4) by [Martin Straka and Karshan Sharma](https://nullcon.net/website/goa-2017/about-speakers.php)
- [Google Cloud Platform vulnerabilities](https://www.youtube.com/watch?v=9pviQ19njIs) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- [Google Paid Me to Talk About a Security Issue!](https://www.youtube.com/watch?v=E-P9USG6kLs) by [LiveOverflow](https://twitter.com/LiveOverflow/)
- [War Stories from Google’s Vulnerability Reward Program](https://www.youtube.com/watch?v=QoE0M7v84ZU) by [Gábor Molnár](https://twitter.com/molnar_g)
- [Secrets of the Google Vulnerability Reward Program](https://www.youtube.com/watch?v=ueEsOnHJZ80) by [Krzysztof Kotowicz](https://ch.linkedin.com/in/kkotowicz)
- [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A) by [LiveOverflow](https://twitter.com/LiveOverflow/)