Full Disclosure: Re: Fwd: Google vulnerabilities with PoC

Re: Fwd: Google vulnerabilities with PoC

From: M Kirschbaum <pr0ix () yahoo co uk>
Date: Sat, 15 Mar 2014 03:17:35 +0000 (GMT)

The thread starter is right about this. It is a vulnerability, and I think Google should start considering this.
 
The JSON service responds to GET requests , and there is a good chance that the service is also vulnerable to JSON 
Hijacking attacks.
 
As a professional penetration tester , I believe that Google was false not to award this.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Fwd: Google vulnerabilities with PoC, (continued)
- Re: Fwd: Google vulnerabilities with PoC M Kirschbaum (Mar 15)
  - Re: Fwd: Google vulnerabilities with PoC Michal Zalewski (Mar 15)
- Re: Google vulnerabilities with PoC M Kirschbaum (Mar 15)
  - Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
    - Re: Google vulnerabilities with PoC antisnatchor (Mar 15)
    - Re: Google vulnerabilities with PoC M Kirschbaum (Mar 15)
    - Re: Google vulnerabilities with PoC Gynvael Coldwind (Mar 15)
    - Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
    - Re: Google vulnerabilities with PoC M Kirschbaum (Mar 16)
    - Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
    - Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Thomas Williams (Mar 16)
(Thread continues...)