vulnerability
A researcher discovered a Server-Side Request Forgery (SSRF) vulnerability in Google Sites' Caja server that allowed fetching arbitrary resources from Google's internal Borg cluster management network, exposing sensitive information about internal infrastructure including job details, system users, and resource allocation. The vulnerability was reported to Google's VRP and patched within 48 hours.
ssrf
server-side-request-forgery
xss
cross-site-scripting
google-caja
google-sites
internal-network
borg
cluster-management
information-disclosure
vulnerability-disclosure
google-app-engine
private-ip
borglet
kubernetes
container-security
gvisor
Google
Google Sites
Google Caja
Google App Engine
Borg
Kubernetes
gVisor
Google VRP
MapReduce
BitTable
Flume
GFS
1/10
bragging-post
A brief mention of a $36,000 bug bounty for a remote code execution vulnerability in Google App Engine, but with no technical details provided.
Google
Google App Engine