Full Disclosure mailing list archives
Re: full name disclosure information leak in google drive
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 21 Jan 2015 15:16:50 -0600
On Wed, Jan 21, 2015 at 2:26 PM, kevin mcsheehan <kevin () mcsheehan com> wrote:
exploit title: full name disclosure information leak in google drive software link: https://drive.google.com/drive/#my-drive author: kevin mcsheehan website: http://mcsheehan.com email: kevin () mcsheehan com date: 01/20/15 source: http://mcsheehan.com/?p=15 description: google drive leaks the full name of a target email address when said email address is associated with an uploaded file. the full name is displayed whether or not the target has made that information publicly accessible by creating a google plus account.
I'm pretty sure Google doesn't consider this sort of thing a vulnerability. Here's their "it's not a bug" page for it: https://sites.google.com/site/bughunteruniversity/nonvuln/discover-your-name-based-on-e-mail-address Dan _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- full name disclosure information leak in google drive kevin mcsheehan (Jan 21)
- Re: full name disclosure information leak in google drive Daniel Miller (Jan 21)
- Re: full name disclosure information leak in google drive kevin mcsheehan (Jan 21)
- Re: full name disclosure information leak in google drive forgottenpassword (Jan 22)
- Re: full name disclosure information leak in google drive kevin mcsheehan (Jan 21)
- Re: full name disclosure information leak in google drive Daniel Miller (Jan 21)