Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Fwd: Google vulnerabilities with PoC
From: Ulisses Montenegro <ulisses.montenegro () gmail com>
Date: Mon, 17 Mar 2014 11:11:57 -0300

Let's try some scenarios and if those can be pulled out then I'd say it's
safe to assume this is an issue:

1. Upload a webshell (in a war, php, asp[x], jsp or similar file) and have
it executed by YouTube;
2. Upload a malicious file (pdf, swf, jar or similar file which exploits a
known or unknown vulnerability in the respective aps) and have it served by
YouTube;
3. Upload a file which alters the behavior of the YouTube application
(i.e., a configuration file, HTML or Javascript template, even a UI image).

Otherwise you just uploaded a file which went into a bitbucket, but you
have no way of pulling this file out of said bitbucket in a way that can
cause harm to either the application or its users.

Should YouTube restrict file uploads to known valid mime types? Sure, but
that's only how you got the data in there to begin with. It's what happens
after the data is in that will make all the difference.



On Mon, Mar 17, 2014 at 10:47 AM, Mario Vilas <mvilas () gmail com> wrote:


On Mon, Mar 17, 2014 at 2:25 PM, T Imbrahim <TImbrahim () techemail com>wrote:

I definitely would patch my computer if I discovered that somebody could
upload files to my computer, even thought if couldn't 'probe' them.


1) I don't think you understood the meaning of the word "probe" in this
context, Nikolas,
2) Does that mean you believe Dropbox is vulnerable to remote file upload
too?


--
“There's a reason we separate military and the police: one fights
the enemy of the state, the other serves and protects the people. When
the military becomes both, then the enemies of the state tend to become the
people.”

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
“If debugging is the process of removing software bugs, then programming
must be the process of putting them in.” - *Edsger Dijkstra*
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault