Full Disclosure mailing list archives
Re: Google vulnerabilities with PoC
From: "Nicholas Lemonias." <lem.nikolas () googlemail com>
Date: Thu, 13 Mar 2014 21:30:38 +0000
We confirm this to be a valid vulnerability for the following reasons. The access control subsystem is defeated, resulting in arbitrary write access of any file of choice.

1. YouTube defines which file types are permitted to be uploaded.

2. Exploitation is achieved by circumvention of web-based security controls (namely HTTP forms, which is a weak security measure). However, exploitation of the issue results in unrestricted file uploads (any file of choice). Remote code execution may be possible either through social engineering, or by stochastically rewriting an existing file-structure in the CDN.

3. This directly impacts the integrity of the service since modification of information occurs by circumvention. Renaming the uploaded files can be achieved through YouTube's inherent video manager.

4. Denial of Service attacks are feasible since we bypass all security restrictions. This directly impacts the availability of the service.

5. Malware propagation is possible, if the planted code gets executed through social engineering or by re-writing a valid file system structure.

6. All uploaded files can be downloaded through Google Take Out, if past the Content ID filtering algorithm (through file header obfuscation and encryption).

Best Regards,
Nicholas Lemonias
Advanced Information Security Corp.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
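Point 2 of the message concerns file-type restrictions that live only in the upload form. The following is an added example, not part of the original post and not YouTube's code, of a server-side check that decides from the uploaded bytes alone and stores the file under a server-chosen name. The function names, the signature list and the sample bytes are assumptions constructed for illustration.

```python
import secrets
from typing import Optional, Tuple

# Allowlisted video containers: (offset, magic bytes, label).
SIGNATURES = [
    (4, b"ftyp", "mp4/mov"),                # ISO base media file format
    (0, b"\x1a\x45\xdf\xa3", "webm/mkv"),   # EBML header
    (0, b"FLV\x01", "flv"),
    (0, b"\x00\x00\x01\xba", "mpeg-ps"),
]


def sniff_container(data: bytes) -> Optional[str]:
    """Return the container label the leading bytes match, or None."""
    for offset, magic, label in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    # AVI is a RIFF file whose form type at offset 8 is "AVI ".
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi"
    return None


def check_upload(filename: str, declared_type: str,
                 data: bytes) -> Tuple[bool, str]:
    """Accept or reject an upload.

    filename and declared_type come from the client (form field and
    Content-Type header), so they are audit data only and never
    influence the decision or the storage name.
    """
    kind = sniff_container(data[:64])
    if kind is None:
        return False, "content is not an allowed video container"
    # Header sniffing is a first gate only: a file can carry a valid
    # header and arbitrary content after it, so later stages
    # (transcoding, serving without execution) still matter.
    return True, secrets.token_hex(16) + ".upload"


# Constructed samples: a minimal MP4 'ftyp' box, and a non-video
# payload sent with a video filename and a video Content-Type.
MP4_SAMPLE = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 16
FAKE_SAMPLE = b"MZ\x90\x00" + b"\x00" * 28

if __name__ == "__main__":
    print(check_upload("clip.mp4", "video/mp4", MP4_SAMPLE))
    print(check_upload("clip.mp4", "video/mp4", FAKE_SAMPLE))
```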