that you're right.
Maybe you can create the next LOIC specifically tailored to DoS Youtube
with this serious bug, ROFL!
Cheers
antisnatchor
Nicholas Lemonias. wrote:
If you wish to talk seriously about the problem, please send me an email
privately. And we can talk about what we have found so far
don't have a clue.
Cheers
antisnatchor
Mario Vilas wrote:
I believe Zalewski has explained very well why it isn't a vulnerability,
and you couldn't possibly be calling him hostile. :)
On Sat, Mar 15, 2014 at 11:20 AM, M Kirschbaum pr...@yahoo.co.uk wrote:
I have been watching this thread
to pay you
for such a bug. Same with this bug.
Cheers
antisnatchor
On Fri, Mar 14, 2014 at 6:04 AM, Jerome Athias athiasjer...@gmail.comwrote:
Hi
I concur that we are mainly discussing a terminology problem.
In the context of a Penetration Test or WAPT, this is a Finding.
Reporting
LOL you're hopeless.
Good luck with your business. Brave customers!
Cheers
antisnatchor
Nicholas Lemonias. wrote:
People can read the report if they like. Can't you even do basic
things like reading a vulnerability report?
Can't you see that the advisory is about writing arbitrary files
...@googlemail.com
Date: Fri, Mar 14, 2014 at 5:58 PM
Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities
with PoC
To: antisnatchor antisnatc...@gmail.com
mailto:antisnatc...@gmail.com
Says the script kiddie... Beg for some publicity. My customers
at 5:58 PM
Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities
with PoC
To: antisnatchor antisnatc...@gmail.com
mailto:antisnatc...@gmail.com
Says the script kiddie... Beg for some publicity. My
customers are FTSE
file upload functionality in a
PHP application on Apache that expects files with extension .png only,
and you manage to upload an .asp file. Security-wise that's not a risk.
Cheers
antisnatchor
Nicholas Lemonias. wrote:
Google vulnerabilities uncovered...
http://news.softpedia.com/news/Expert
Nice one Nick,
great job eheh :D
Cheers
antisnatchor
Nicolas GrégoireMarch 8, 2013 10:12 AM
Hi!I published last week a blog
post describing the results of the XSLTfuzzing campaign I did in
2012. Now that most of the discoveredvulnerabilities are patched,
I've chosen to give away
certificates and so on :D
Cheers
antisnatchor
Michal ZalewskiJanuary 27, 2013 7:17 PM
OGMMM WTFF 0DAY XSSSorry, getting a bit tired of
these.Well, the world is changing. You
can probably do a lot more direct damage with a (legit) XSS in a
high-value site than with a local privilege
