Full Disclosure mailing list archives
Re: Google vulnerabilities with PoC
From: M Kirschbaum <pr0ix () yahoo co uk>
Date: Sat, 15 Mar 2014 10:20:20 +0000 (GMT)
I have been watching this thread for a while and I think some people are being hostile here. There is nothing to gain being on eithers side but for the sake of security. As a penetration tester, writer, and malware analyst with a long and rewarding career...it would be absurd to admit that this is not a vulnerability. If the content-type fields can be altered and the API accepts it that is undoubtedly a vulnerability, I believe that it shouldn't be there. It would be a shame to say that this is not a security problem. I have seen different responses on this thread but having seen the proof of concept images as well I just think that some of the people commenting here are just being hostile. It doesn't take much for somebody in the field, to see clearly that Google does not want to pay. And I bet any amount of money that the bug bounty program is a way for filing potential threats by name and bank details. Rgds, M. Kirschbaum
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Fwd: Google vulnerabilities with PoC, (continued)
- Re: Fwd: Google vulnerabilities with PoC R D (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC Mario Vilas (Mar 14)
- Message not available
- Re: Fwd: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC William Scott Lockwood III (Mar 15)
- Message not available
- Re: Fwd: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 14)
- Re: Fwd: Google vulnerabilities with PoC Brian M. Waters (Mar 15)
- Re: Fwd: Google vulnerabilities with PoC Michal Zalewski (Mar 15)
- Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
- Re: Google vulnerabilities with PoC antisnatchor (Mar 15)
- Re: Google vulnerabilities with PoC M Kirschbaum (Mar 15)
- Re: Google vulnerabilities with PoC Gynvael Coldwind (Mar 15)
- Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
- Re: Google vulnerabilities with PoC M Kirschbaum (Mar 16)
- Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
- Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Thomas Williams (Mar 16)
- Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
- Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Stefan Jon Silverman (Mar 15)