Full Disclosure mailing list archives
Re: Google vulnerabilities with PoC
From: "Nicholas Lemonias." <lem.nikolas () googlemail com>
Date: Thu, 13 Mar 2014 16:16:35 +0000
*You are wrong about accessing the files. What has not been confirmed is remote code execution. We are working on it.* *And please, OWASP is recognised worldwide... * *Files can be accessed through Google Take out with a little bit of skills.* *https://www.google.com/settings/takeout <https://www.google.com/settings/takeout> * On Thu, Mar 13, 2014 at 4:09 PM, Julius Kivimäki <julius.kivimaki () gmail com>wrote:
Did you even read that article? (Not that OWASP has any sort of credibility anyways). From what I saw in your previous post you are both unable to execute the files or even access them and thus unable to manipulate the content-type the files are returned with, therefore there is no vulnerability (According to the article you linked.). BTW, you should look for more cool vulnerabilities in amazons EC2, I'm sure you will find some "Unrestricted File Upload" holes. 2014-03-13 16:18 GMT+02:00 Nicholas Lemonias. <lem.nikolas () googlemail com> : Here is your answer.https://www.owasp.org/index.php/Unrestricted_File_Upload On Thu, Mar 13, 2014 at 1:39 PM, Julius Kivimäki < julius.kivimaki () gmail com> wrote:When did the ability to upload files of arbitrary types become a security issue? If the file doesn't get executed, it's really not a problem. (Besides from potentially breaking site layout standpoint.) 2014-03-13 12:43 GMT+02:00 Nicholas Lemonias. < lem.nikolas () googlemail com>:Google vulnerabilities uncovered... http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Google vulnerabilities with PoC, (continued)
- Re: Google vulnerabilities with PoC Brandon Perry (Mar 13)
- Re: Google vulnerabilities with PoC andfarm (Mar 13)
- Re: Google vulnerabilities with PoC Hugh Davenport (Mar 13)
- Re: Google vulnerabilities with PoC J. Tozo (Mar 13)
- Re: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 13)
- Re: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 13)
- Re: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 13)
- Re: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 13)
- Re: Google vulnerabilities with PoC Julius Kivimäki (Mar 13)
- Re: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 13)
- Re: Google vulnerabilities with PoC Julius Kivimäki (Mar 13)
- Message not available
- Re: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 13)
- Re: Google vulnerabilities with PoC Julius Kivimäki (Mar 13)
- Message not available
- Fwd: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 13)
- Re: Google vulnerabilities with PoC Julius Kivimäki (Mar 14)
- Re: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Google vulnerabilities with PoC Michal Zalewski (Mar 13)
- Re: Google vulnerabilities with PoC Jerome Athias (Mar 13)