Full Disclosure mailing list archives
Re: Make requests through Google servers
From: adam <adam () papsy net>
Date: Sun, 28 Aug 2011 18:30:48 -0500
Interesting. I'm especially curious if it could be used to scrape Google services (e.g. search results) without being picked up by filters (due to it being a Google operated IP address). I also wonder how far recursively it'd go - would it be possible to use one of those URLs to attack itself? On Sun, Aug 28, 2011 at 6:16 PM, R00T_ATI <r00t_ati () ihteam net> wrote:
ABSTRACT: The vulnerable pages are *“/_/sharebox/linkpreview/“* and *“gadgets/proxy? “* Is possible to request any file type, and G+ will download and show all the content. So, if you parallelize so many requests, is possible to *DDoS*any site with *Google bandwidth*. Is also possible to start the *attack* without be logged in G+. Article link: http://www.ihteam.net/advisory/make-requests-through-google-servers-ddos/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Make requests through Google servers R00T_ATI (Aug 28)
- Make requests through Google servers R00T_ATI (Aug 28)
- Re: Make requests through Google servers adam (Aug 28)
- <Possible follow-ups>
- Re: Make requests through Google servers Ryan Dewhurst (Aug 28)