lalka – Medium

Sep 12, 2022

SSRF(g/vrp) for 5000$

Hi. Short writeup about finding on g/vrp. Initial scope of my interest: Google’s acquisitions(*.looker.com) Recon tools for subdomains enumeration and cleaning up noise: 1. Amass 2. subfinder 3. gau 4. github-subdomains.py from https://github.com/gwen001/github-search 5. httpx Visualization: 1. Webscreenshot from https://github.com/maaaaz/webscreenshot Entry point: https://connect.looker.com After initial payload probe in search form…

3 min read

3 min read

Jun 13, 2021

[Google VRP] Privilege escalation on https://dialogflow.cloud.google.com

Hi. This is a short story (because I’m lazy, yes) about my last bug for Google VRP. While testing the privilege escalation problems on https://dialogflow.cloud.google.com/ I noticed that downgrading the access level for the invited user does not work as expected. Steps to reproduce: 1. Go to https://dialogflow.cloud.google.com/#/editAgent/{project}/ settings ->…

Bug Bounty

1 min read

Bug Bounty

1 min read