Intro – Testing Google Sites and Google Caja In March 2018, I reported an XSS in Google Caja, a tool to securely embed arbitrary html/javascript in a webpage. In May 2018, after the XSS was fixed, I realised that Google Sites was using an unpatched version of Google Caja, so I looked if it was vulnerable to the XSS. However, the XSS wasn’t exploitable there. Google Caja parses html/javascript and
![Into the Borg – SSRF inside Google production network | OpnSec](https://cdn-ak-scissors.b.st-hatena.com/image/square/69ba3fbbb0a935bdbd12a60fc286d27aae13ef49/height=288;version=1;width=512/https%3A%2F%2Fopnsec.com%2Fwp-content%2Fuploads%2F2018%2F07%2Fborg2-1024x498.png)