Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Fwd: Google vulnerabilities with PoC
From: Mario Vilas <mvilas () gmail com>
Date: Mon, 17 Mar 2014 16:25:05 +0100

On Mon, Mar 17, 2014 at 3:11 PM, Ulisses Montenegro <
ulisses.montenegro () gmail com> wrote:

Should YouTube restrict file uploads to known valid mime types? Sure, but
that's only how you got the data in there to begin with. It's what happens
after the data is in that will make all the difference.

At this point I'm not even sure the data isn't being restricted - it just
may be that the data type is checked again after it gets pulled out of the
queue for processing, and if it's not a video it gets discarded.

“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]