lalka

67 Followers

Sep 12, 2022

SSRF(g/vrp) for 5000$

Hi. A short writeup about a finding on g/vrp.

Initial scope of my interest: Google’s acquisitions (*.looker.com)

Recon tools for subdomain enumeration and cleaning up noise:
1. Amass
2. subfinder
3. gau
4. github-subdomains.py from https://github.com/gwen001/github-search
5. httpx

Visualization:
1. Webscreenshot from https://github.com/maaaaz/webscreenshot

Entry point: https://connect.looker.com

After initial payload probe in search form…

3 min read

Jun 13, 2021

[Google VRP] Privilege escalation on https://dialogflow.cloud.google.com

Hi. This is a short story (because I’m lazy, yes) about my last bug for Google VRP. While testing the privilege escalation problems on https://dialogflow.cloud.google.com/ I noticed that downgrading the access level for the invited user does not work as expected.

Steps to reproduce:
1. Go to https://dialogflow.cloud.google.com/#/editAgent/{project}/ settings ->…

Bug Bounty

1 min read

https://t.me/ScriptKiddieNotes https://twitter.com/0x01alka https://hackerone.com/0x01alka
