Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an Arbitrary local file read on iOS Files app via zip file and symlinks Disclaimer: Unfortunately, after 13 months of […]
Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to exfiltrate /etc/environment local variables on Google Earth Pro Desktop app on linux. Extracted from Google VRP’s report: (the actual Google VRP […]
Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about the Atlassian bug bounty program and why you can always check the basic payloads because you will surprise that some times will work: Title: XSS stored on file https://api.media.atlassian.com on iOS browsers via […]
Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an Arbitrary local macOS file read via <a> tag and null byte (%00) in Google Earth Pro Desktop app Extracted […]
Introduction: Hi everyone It’s been a while since my last post, but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to bypass some Google Cloud Monitoring protections to achieve an SSRF Background: This is just a lame “bypass” or workaround for the […]
Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an RCE as Root in Apigee (Google acquisition) Extracted from Google VRP’s report: (the actual Google VRP report) Summary: RCE […]
[ Update: this writeup was modified to participate in GCP VRP Prize 2020 Awards ] Introduction: Hi everyone It’s been a while since my last post (1 year w00t!) but I’m back, I want to tell you a short story about one of my last bug bounties, and how I escalated a simple XSS to […]
Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about why your professional background mather when you do bug bounties (in my case my job as DevOps engineer) if you know how something works, you might be able to break it. Report Summary: […]
Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about my greatest find so far (My first P1) It was in Google VRP program and why you can always check for dirs in 301 / 302 / 403 / 404 status pages because […]
Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about the Microsoft bug bounty program and why you can always check the basic payloads because you will surprise that some times will work: SPOILER ALERT: I highly recommend Miscrosoft Bug Bounty Program, in […]