Full Disclosure mailing list archives
Re: Fwd: Google vulnerabilities with PoC
From: Krzysztof Kotowicz <kkotowicz+fd () gmail com>
Date: Fri, 14 Mar 2014 21:40:22 +0100
2014-03-14 20:28 GMT+01:00 Nicholas Lemonias. <lem.nikolas () googlemail com>:
> Then that also means that firewalls and IPS systems are worthless. Why spend so much time protecting the network layers if a user can send any file of choice to a remote network through http...

No, they are not worthless per se, but of course for a user content publishing service they need to allow file upload over HTTP/s. How far those files are inspected and later processed is another question - and that could lead to a vulnerability that you DIDN'T demonstrate. You just uploaded a .sh file. There's no harm in that as nowhere did you prove that that file is being executed. Similarly (and that has been pointed out in this thread) you could upload a PHP-GIF polyglot file to a J2EE application - no vulnerability in this. Prove something by overwriting a crucial file, tricking other user's browser to execute the file as HTML from an interesting domain (XSS), popping a shell, triggering XXE when the file is processed as XML, anything. Then that is a vulnerability. So far - sorry, it is not, and you've been told it repeatedly.

> As for the uploaded files being persistent, there is evidence of that. For instance a remote admin could be tricked to execute some of the uploaded files (Social Engineering).

Come on, seriously? Social Engineering can make him download this file from pastebin just as well. That's a real stretch. IMHO it is not a security issue. You're uploading a file to some kind of processing queue that does not validate a file type, but nevertheless only processes those files as video - there is NO reason to suspect otherwise, and I'd like to be proven wrong here. Proven as in PoC.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
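As an added example (not from this thread or any of its participants), a Python upload policy check that applies the distinction drawn above: a stored blob is only a problem if the service later executes or renders it, so the check accepts only the media containers a video queue would process, refuses polyglots that carry HTML, PHP or shebang markers, and fixes the response headers so a browser never sniffs the file into HTML. Function names, the marker list and the header set are assumptions for illustration; the sample inputs in the test are constructed.

```python
import re
import secrets
from typing import Optional

def sniff(data: bytes) -> Optional[str]:
    """Identify the container from magic bytes, ignoring the client-supplied name."""
    if data[4:8] == b"ftyp":                       # ISO BMFF: box size (4) + 'ftyp'
        return "video/mp4"
    if data.startswith(b"\x1a\x45\xdf\xa3"):       # EBML header (webm/mkv)
        return "video/webm"
    if data.startswith((b"GIF87a", b"GIF89a")):
        return "image/gif"
    return None

# Markers whose presence turns a media file into something a browser, a PHP
# engine or a shell might interpret if the file were ever served or run verbatim.
ACTIVE_MARKERS = (b"<script", b"<?php", b"<html", b"<svg", b"<!doctype", b"#!")

def is_polyglot(data: bytes) -> bool:
    """True when any active-content marker appears anywhere in the blob."""
    lowered = data.lower()
    return any(marker in lowered for marker in ACTIVE_MARKERS)

def evaluate_upload(client_name: str, data: bytes, max_bytes: int = 64 * 1024 * 1024) -> dict:
    """Decide whether to store the blob and how it must be served afterwards."""
    if len(data) > max_bytes:
        return {"accept": False, "reason": "too large"}
    content_type = sniff(data)
    if content_type is None:
        return {"accept": False, "reason": "not a supported media container"}
    if is_polyglot(data):
        return {"accept": False, "reason": "active content embedded in media"}
    # The client name is reduced to a display name only; the storage key is
    # random and extension-less so nothing downstream dispatches on the name.
    display = re.sub(r"[^A-Za-z0-9._-]", "_", client_name)[:64] or "upload"
    return {
        "accept": True,
        "content_type": content_type,
        "stored_as": secrets.token_hex(16),
        "headers": {
            "Content-Type": content_type,                # what we detected, not what the client said
            "X-Content-Type-Options": "nosniff",         # no MIME sniffing into text/html
            "Content-Disposition": f'attachment; filename="{display}"',
            "Content-Security-Policy": "sandbox",        # opaque, scriptless document if rendered
        },
    }
```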