It’s been a while since I’ve published my last article, this is mainly because I’m currently working on a nice project overseas in Asia and enjoying this relaxed life here a little bit. Therefore I also keep this blog post a little short, because it’s just for the record.

In early September, I stumbled – more or less accidentally – over multiple Non-Persistent Cross-Site Scripting vulnerabilities on Google’s Cloud Platform Live while I was indeed searching for a cloud solution (funnily enough), but since the proxy is always running… 😉

google-gcp-xss-0

I’ve sent the bug report to Google and quickly received an answer from Jose of the Google Security Team with the – among bug hunters – beloved “Nice catch!” answer. Thanks to Jose at this point for his commitment and the really transparent disclosure process. This is a good example how vulnerability coordination should be handled!

I’ve received the bug bounty payment in the meanwhile and got listed in Google’s Hall of Fame – please notice my awesome GIMP skills too 😉

google-gcp-xss-1

Now, I’m having some delicious Asian seafood paid by Google :-)…

Google Bug Bounty: Nice Catch on Google Cloud Platform Live
Tagged on:         

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.