An Accidental SSRF Honeypot in Google Calendar
This is a story of what both I and Google engineers considered to be an SSRF vulnerability in Google Calendar – but turned out to be some...
top of page
BLOG
Search
![Is MIME Sniffing XSS a real thing? [The story of weird Google bug bounties]](https://static.wixstatic.com/media/3184af_3139539f23c04694ae8706a1112fd2f7~mv2_d_3576_2630_s_4_2.jpg/v1/fill/w_454,h_341,fp_0.50_0.50,q_90,enc_auto/3184af_3139539f23c04694ae8706a1112fd2f7~mv2_d_3576_2630_s_4_2.jpg)
Komodo Research
- May 15, 2019
- 4 min
Is MIME Sniffing XSS a real thing? [The story of weird Google bug bounties]
Let’s start at the end. This one got me seriously confused. It all started a few months ago when a colleague was hacking away at some...
5,637 views0 comments
Komodo Research
- Mar 25, 2019
- 3 min
Google Groups Authorization Bypass / $500 bounty
Tl;dr: I’ve recently been playing around with Google services, poking here and there for security vulnerabilities. It’s been a quite a...
1,992 views0 comments
Komodo Research
- May 17, 2018
- 5 min
THE ARMY OF THE HEADLESS BROWSERS
How Facebook infrastructure can be used to perform DDoS. As a penetration tester, examining proprietary applications and repeatedly...
107 views0 comments
bottom of page