OWASP is recognized worldwide, so is CEH and a bunch of other morons. That doesn't mean their publications are worth anything. Now tell me, why would arbitrary file upload on a CDN lead to code execution (Besides for HTML, which you have been unable to confirm)?
2014-03-13 18:16 GMT+02:00 Nicholas Lemonias. <lem.niko...@googlemail.com>:

> *You are wrong about accessing the files. What has not been confirmed is
> remote code execution. We are working on it.*
> *And please, OWASP is recognised worldwide... *
>
> *Files can be accessed through Google Take out with a little bit of
> skills.*
>
> *https://www.google.com/settings/takeout
> <https://www.google.com/settings/takeout> *
>
> On Thu, Mar 13, 2014 at 4:09 PM, Julius Kivimäki <
> julius.kivim...@gmail.com> wrote:
>
>> Did you even read that article? (Not that OWASP has any sort of
>> credibility anyways). From what I saw in your previous post you are both
>> unable to execute the files or even access them and thus unable to
>> manipulate the content-type the files are returned with, therefore there is
>> no vulnerability (According to the article you linked.).
>>
>> BTW, you should look for more cool vulnerabilities in amazons EC2, I'm
>> sure you will find some "Unrestricted File Upload" holes.
>>
>> 2014-03-13 16:18 GMT+02:00 Nicholas Lemonias. <lem.niko...@googlemail.com
>> >:
>>
>> Here is your answer.
>>> https://www.owasp.org/index.php/Unrestricted_File_Upload
>>>
>>> On Thu, Mar 13, 2014 at 1:39 PM, Julius Kivimäki <
>>> julius.kivim...@gmail.com> wrote:
>>>
>>>> When did the ability to upload files of arbitrary types become a
>>>> security issue? If the file doesn't get executed, it's really not a
>>>> problem. (Besides from potentially breaking site layout standpoint.)
>>>>
>>>> 2014-03-13 12:43 GMT+02:00 Nicholas Lemonias. <
>>>> lem.niko...@googlemail.com>:
>>>>
>>>>> Google vulnerabilities uncovered...
>>>>>
>>>>> http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/