Publicly disclosed vulnerability reports and bug write-ups.
It's been a few months since my last personal blogpost, which chronicled two reflected cross-site scripting vulnerabilities in Google Play. This time, we'll explore two stored cross-site scripting bugs since remediated by Google: the first in App Maker for G Suite organisations, and the second in the brand new Colaboratory platform.…Yasin Soliman
I've been working hard on Google's Vulnerability Reward Program over the past few weeks, partly inspired by an enjoyable experience with Capture The Flag. After hinting at a VRP writeup release back in June, I'm excited to share a pair of XSS bugs on Google Play (one of Google's Category Two "Highly Sensitive" web properties).…Yasin Soliman