An Accidental SSRF Honeypot in Google Calendar
This is a story of what both I and Google engineers considered to be an SSRF vulnerability in Google Calendar – but turned out to be some...
top of page
BLOG
Search
![Is MIME Sniffing XSS a real thing? [The story of weird Google bug bounties]](https://static.wixstatic.com/media/3184af_3139539f23c04694ae8706a1112fd2f7~mv2_d_3576_2630_s_4_2.jpg/v1/fill/w_1816,h_1364,fp_0.50_0.50,q_90,enc_auto/3184af_3139539f23c04694ae8706a1112fd2f7~mv2_d_3576_2630_s_4_2.jpg)
Komodo Research
May 15, 20194 min read
Is MIME Sniffing XSS a real thing? [The story of weird Google bug bounties]
Let’s start at the end. This one got me seriously confused. It all started a few months ago when a colleague was hacking away at some...
6,049 views0 comments
Komodo Research
Mar 25, 20193 min read
Google Groups Authorization Bypass / $500 bounty
Tl;dr: I’ve recently been playing around with Google services, poking here and there for security vulnerabilities. It’s been a quite a...
2,110 views0 comments
Komodo Research
May 17, 20185 min read
THE ARMY OF THE HEADLESS BROWSERS
How Facebook infrastructure can be used to perform DDoS. As a penetration tester, examining proprietary applications and repeatedly...
120 views0 comments
bottom of page