6/10
bug-bounty
Writeup of three bugs submitted to Google VRP: a reflected XSS in artsexperiments.withgoogle.com discovered via ParamSpider and kxss automation, and two IDORs in AppSheet endpoints where access control could be bypassed—one requiring a specific version parameter to exploit. The author details the discovery process, initial rejections, and eventual acceptance with $500 bounties awarded.
xss
idor
reflected-xss
automation
subdomain-enumeration
parameter-discovery
bug-bounty
google-vrp
appsheet
withgoogle
Google VRP
AppSheet
ParamSpider
kxss
artsexperiments.withgoogle.com
appsheet.com
Sudhanshu Rajbhar