Full Disclosure mailing list archives
Re: Fwd: Google vulnerabilities with PoC
From: Mario Vilas <mvilas () gmail com>
Date: Mon, 17 Mar 2014 16:25:05 +0100
On Mon, Mar 17, 2014 at 3:11 PM, Ulisses Montenegro < ulisses.montenegro () gmail com> wrote:
Should YouTube restrict file uploads to known valid mime types? Sure, but that's only how you got the data in there to begin with. It's what happens after the data is in that will make all the difference.
At this point I'm not even sure the data isn't being restricted - it just may be that the data type is checked again after it gets pulled out of the queue for processing, and if it's not a video it gets discarded. -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Fwd: Google vulnerabilities with PoC, (continued)
- Re: Fwd: Google vulnerabilities with PoC Pedro Ribeiro (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Źmicier Januszkiewicz (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Pedro Ribeiro (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Pedro Ribeiro (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC T Imbrahim (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Mario Vilas (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Gichuki John Chuksjonia (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Mario Vilas (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Joxean Koret (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC T Imbrahim (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Mario Vilas (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Ulisses Montenegro (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Mario Vilas (Mar 17)
- Re: Fwd: Google vulnerabilities with PoC Mario Vilas (Mar 17)