Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Google vulnerabilities with PoC

From: Pedro Ribeiro <pedrib () gmail com>
Date: Thu, 13 Mar 2014 13:52:00 +0000
Keep in mind that YouTube allows files to be uploaded by definition. What
you have achieved is upload a file for an extension type that is not
allowed.
It is definitely a vulnerability but a low risk one since you haven't
demonstrated if it has any ill effects.

Can you somehow find the URL to where the file was uploaded? I would guess
not, since a well designed service like YouTube should hide those details
and no leak them in any way. Maybe if you are able to find that you can
combine with this vulnerability and get them to open their wallet?

Regards
Pedro
On 13 Mar 2014 11:50, "Nicholas Lemonias." <lem.nikolas () googlemail com>
wrote:


Google vulnerabilities uncovered...



http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: