|
Full Disclosure
mailing list archives
Re: Fwd: Google vulnerabilities with PoC
From: Mario Vilas <mvilas () gmail com>
Date: Mon, 17 Mar 2014 16:25:05 +0100
On Mon, Mar 17, 2014 at 3:11 PM, Ulisses Montenegro <
ulisses.montenegro () gmail com> wrote:
Should YouTube restrict file uploads to known valid mime types? Sure, but
that's only how you got the data in there to begin with. It's what happens
after the data is in that will make all the difference.
At this point I'm not even sure the data isn't being restricted - it just
may be that the data type is checked again after it gets pulled out of the
queue for processing, and if it's not a video it gets discarded.
--
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Fwd: Google vulnerabilities with PoC, (continued)
Re: Fwd: Google vulnerabilities with PoC T Imbrahim (Mar 17)
Re: Fwd: Google vulnerabilities with PoC Joxean Koret (Mar 17)
Re: Fwd: Google vulnerabilities with PoC T Imbrahim (Mar 17)
| 
