It’s been a while since I’ve published my last article, this is mainly because I’m currently working on a nice project overseas in Asia and enjoying this relaxed life here a little bit. Therefore I also keep this blog post a little short, because it’s just for the record.

In early September, I stumbled - more or less accidentally - over multiple Non-Persistent Cross-Site Scripting vulnerabilities on Google’s Cloud Platform Live while I was indeed searching for a cloud solution (funnily enough), but since the proxy is always running… ;-)


I’ve sent the bug report to Google and quickly received an answer from Jose of the Google Security Team with the - among bug hunters - beloved “Nice catch!” answer. Thanks to Jose at this point for his commitment and the really transparent disclosure process. This is a good example how vulnerability coordination should be handled!

I’ve received the bug bounty payment in the meanwhile and got listed in Google’s Hall of Fame - please notice my awesome GIMP skills too ;-)


Now, I’m having some delicious Asian seafood paid by Google :-)…