Hey,
At least to me I am security paranoid. Remote File Inclusion of files to a
trusted network, seems like a well backed up vulnerability. I think we are
talking about Google here not your favourite's pizza website. I personally
congratulate to the author for finding it, whether probing it or
Re: [Full-disclosure] Fwd: Google vulnerabilities with PoCDate: Mon, 17 Mar 2014 09:24:08 +0000
On 16 Mar 2014 23:36, "T Imbrahim" <timbra...@techemail.com> wrote:
>
> The thread read Google vulnerabilities with PoC. From my understanding it was a RFI vulnerability on
The thread read Google vulnerabilities with PoC. From my understanding it was
a RFI vulnerability on YouTube, and I voiced my support that this is a
vulnerability.
I also explained a JSON Hijacking case as a follow up, and you said you didn't
follow. So I am just saying that treating securit
Is this treated with the same way that says that Remote File Inclusion is not a
security issue ?
You don't follow? Implying ?
I understand why nobody likes Google. If I 've found a vulnerability and been
treated like that for trying to help, I would rather sell it to the black
market or to s
y if js execution it
different for two different sites.
Sincerely ,
T. Imbrahim
--- lcam...@coredump.cx wrote:
From: Michal Zalewski
To: M Kirschbaum
Cc: "full-disclosure@lists.grok.org.uk"
Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
Date: Sat, 15 Mar 2014 09:46
Hello... I am an IT security expert for the Emirates National Oil Company. Google is my favourite search engine by far. Now I just read the report about the unrestricted upload issue and I think that the author is right that it is a security problem. This is a vulnerability because file name exte