Full Disclosure mailing list archives

Re: Google vulnerabilities with PoC


From: Brandon Perry <bperry.volatile () gmail com>
Date: Thu, 13 Mar 2014 13:16:00 -0500

Yes, these are legitimate points.

Sent from a computer

On Mar 13, 2014, at 12:43 PM, Źmicier Januszkiewicz <gauri () tut by> wrote:

: you could upload huge blobs and just take up space on the google servers.
How many people upload gigabytes of crappy videos on google servers,
hourly? So far, the DDoS didn't happen for some reason, even
considering the amount of users. There is a small potential to exploit
this via a botnet, but what's the gain? YT upload breaks? Wow, so much
win.

By the way, why not just upload some valid, generated on the fly MPEG
stream? The effect is the same if you consider the data amount, but
without all the "unrestricted" shouts and academic vulnerabilities.


2014-03-13 18:33 GMT+01:00 Brandon Perry <bperry.volatile () gmail com>:
If you were evil, you could upload huge blobs and just take up space on the google servers. Who knows what will happen if you upload a couple hundred gigs of files. They don't disappear, they are just unretrievable afaict. It is a security risk in the sense that untrusted data is being persisted *somewhere*.

Upload a couple terabytes, cause a DoS because some hdd in the DC fills up. Who knows.

Sent from a computer

On Mar 13, 2014, at 12:28 PM, Michal Zalewski <lcamtuf () coredump cx> wrote:

The only reasonable way to 'exploit' the bug is using youtube as a
"personal storage" uploading non-video files to your own profile: so what?

That would require a way to retrieve the stored data, which - as I
understand - isn't possible here (although the report seems a bit
hard-to-parse). From what I recall, you can just upload a blob of data
and essentially see it disappear.

We do have quite a few services where you can legitimately upload and
share nearly-arbitrary content, though. Google Drive is a good
example.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
