Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Make requests through Google servers

From: adam <adam () papsy net>
Date: Sun, 28 Aug 2011 18:30:48 -0500
Interesting. I'm especially curious if it could be used to scrape Google
services (e.g. search results) without being picked up by filters (due to it
being a Google operated IP address).

I also wonder how far recursively it'd go - would it be possible to use one
of those URLs to attack itself?

On Sun, Aug 28, 2011 at 6:16 PM, R00T_ATI <r00t_ati () ihteam net> wrote:


 ABSTRACT:
The vulnerable pages are *“/_/sharebox/linkpreview/“* and *“gadgets/proxy?
“*
Is possible to request any file type, and G+ will download and show all the
content. So, if you parallelize so many requests, is possible to *DDoS*any site with
*Google bandwidth*. Is also possible to start the *attack* without be
logged in G+.

Article link:
http://www.ihteam.net/advisory/make-requests-through-google-servers-ddos/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: