Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Google vulnerabilities with PoC
From: Mario Vilas <mvilas () gmail com>
Date: Sat, 15 Mar 2014 12:11:39 +0100

I believe Zalewski has explained very well why it isn't a vulnerability,
and you couldn't possibly be calling him hostile. :)


On Sat, Mar 15, 2014 at 11:20 AM, M Kirschbaum <pr0ix () yahoo co uk> wrote:

I have been watching this thread for a while and I think some people are
being hostile here.

There is nothing to gain being on eithers side but for the sake of
security. As a penetration tester, writer, and malware analyst with a long
and rewarding career...it would be absurd to admit that this is not a
vulnerability. If the content-type fields can be altered and the API
accepts it that is undoubtedly a vulnerability, I believe that it shouldn't
be there. It would be a shame to say that this is not a security problem.
I have seen different responses on this thread but having seen the proof of
concept images as well I just think that some of the people commenting here
are just being hostile.

It doesn't take much for somebody in the field, to see clearly that Google
does not want to pay. And I bet any amount of money that the bug bounty
program is a way for filing potential threats by name and bank details.

Rgds,
M. Kirschbaum


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]