Google CTF - Web 2 - Wallowing Wallabies - Part Two
Continuing on from Wallowing Wallabies Part 1 and Wallowing Wallabies Part 2.
Google CTF – Web 5 – Wallowing Wallabies – Part Three
Author: 
Brett Buerhaus
Brett BuerhausGoogle CTF – Web 1 – Wallowing Wallabies – Part One
Author: Brett Buerhaus
Brett BuerhausGoogle CTF - Web 1 - Wallowing Wallabies - Part One
Google.com – Mobile Feedback URL Redirect Regex/Validation Flaw
Author: Brett Buerhaus
Brett BuerhausBack in October of last year I discovered a JavaScript flaw on Google.com that bypassed protocol validation by abusing an if check against a URL parsed by regex. I was unable to find a way to attack this vector, but was still rewarded a bounty of $500 due to Google knowing of an active browser vulnerability that allowed them to exploit it successfully.
admin.google.com Reflected Cross-Site Scripting (XSS)
Author: Brett Buerhaus
Brett Buerhaus
After learning about Google's bug bounty program, I decided to look for vulnerabilities on their most sensitive services. Finding a vulnerability on admin.google.com was challenging; I managed to find a simple, but interesting form of Cross-Site Scripting.