1 minute read When I was searching for a vulnerability in google DNS from Google Cloud, I came across this article by Julien Ahrens. The article is about an SSRF vulnerability in the Google website https://toolbox.googleapps.com, so I started researching this site. Simple research ⇾ XSS The site has many apps, all of them are listed inside the robots.txt file: #apps-toolbox User-Agent: * Allow: /apps/main Allow: /apps/browserinfo Allow: /apps/checkmx Allow: /apps/dig Allow: /apps/har_analyzer Al...