Re: Google vulnerabilities with PoC

[Julius Kivimäki <julius.kivimaki () gmail com>]

Did you even read that article? (Not that OWASP has any sort of credibility
anyways). From what I saw in your previous post you are both unable to
execute the files or even access them and thus unable to manipulate the
content-type the files are returned with, therefore there is no
vulnerability (According to the article you linked.).

BTW, you should look for more cool vulnerabilities in amazons EC2, I'm sure
you will find some "Unrestricted File Upload" holes.


2014-03-13 16:18 GMT+02:00 Nicholas Lemonias. <lem.nikolas () googlemail com>:

> Here is your answer.
> https://www.owasp.org/index.php/Unrestricted_File_Upload
>
>
> On Thu, Mar 13, 2014 at 1:39 PM, Julius Kivimäki <
> julius.kivimaki () gmail com> wrote:
>
> > When did the ability to upload files of arbitrary types become a security
> > issue? If the file doesn't get executed, it's really not a problem.
> > (Besides from potentially breaking site layout standpoint.)
> >
> >
> > 2014-03-13 12:43 GMT+02:00 Nicholas Lemonias. <lem.nikolas () googlemail com
> > > :
> >
> > > Google vulnerabilities uncovered...
> > >
> > >
> > >
> > > http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/