|
Full Disclosure
mailing list archives
Re: Google vulnerabilities with PoC
From: Pedro Ribeiro <pedrib () gmail com>
Date: Thu, 13 Mar 2014 13:52:00 +0000
Keep in mind that YouTube allows files to be uploaded by definition. What
you have achieved is upload a file for an extension type that is not
allowed.
It is definitely a vulnerability but a low risk one since you haven't
demonstrated if it has any ill effects.
Can you somehow find the URL to where the file was uploaded? I would guess
not, since a well designed service like YouTube should hide those details
and no leak them in any way. Maybe if you are able to find that you can
combine with this vulnerability and get them to open their wallet?
Regards
Pedro
On 13 Mar 2014 11:50, "Nicholas Lemonias." <lem.nikolas () googlemail com>
wrote:
Google vulnerabilities uncovered...
http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: Google vulnerabilities with PoC Pedro Ribeiro (Mar 13)
Re: Google vulnerabilities with PoC Georgi Guninski (Mar 15)
Re: Google vulnerabilities with PoC Nicholas Lemonias. (Mar 13)
Re: Fwd: Google vulnerabilities with PoC Chris Thompson (Mar 15)
(Thread continues...)
| 
