Full Disclosure mailing list archives
Re: Fwd: Google vulnerabilities with PoC
From: M Kirschbaum <pr0ix () yahoo co uk>
Date: Sat, 15 Mar 2014 03:17:35 +0000 (GMT)
The thread starter is right about this. It is a vulnerability, and I think Google should start considering this. The JSON service responds to GET requests , and there is a good chance that the service is also vulnerable to JSON Hijacking attacks. As a professional penetration tester , I believe that Google was false not to award this.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Fwd: Google vulnerabilities with PoC, (continued)
- Re: Fwd: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC J. Tozo (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC R D (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC Mario Vilas (Mar 14)
- Message not available
- Re: Fwd: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC William Scott Lockwood III (Mar 15)
- Message not available
- Re: Fwd: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC Brian M. Waters (Mar 15)
- Re: Fwd: Google vulnerabilities with PoC Michal Zalewski (Mar 15)
- Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
- Re: Google vulnerabilities with PoC antisnatchor (Mar 15)
- Re: Google vulnerabilities with PoC M Kirschbaum (Mar 15)
- Re: Google vulnerabilities with PoC Gynvael Coldwind (Mar 15)
- Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
- Re: Google vulnerabilities with PoC M Kirschbaum (Mar 16)
- Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
- Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Thomas Williams (Mar 16)