Gynvael Coldwind,
What Alfred has reiterated is that this is a security vulnerability
irrelevantly of whether it qualifies for credit.
It is an unusual one, but still a security vulnerability. Anyone who says
otherwise is blind, has little or no experience in hands on security, or either
ha
Dear Mario,
There is nothing to gain being on either side. I have already read the thread
replies by M. Zalewski. I believe Google is false and does not honor the
security community.
Rgds,
M. Kirschbaum
On Saturday, 15 March 2014, 11:11, Mario Vilas wrote:
I believe
for filing potential threats by name and bank details.
Rgds,
M. Kirschbaum ___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
The thread starter is right about this. It is a vulnerability, and I think
Google should start considering this.
The JSON service responds to GET requests , and there is a good chance that the
service is also vulnerable to JSON Hijacking attacks.
As a professional penetration tester , I belie