On Mar 13, 2014, at 10:33, Brandon Perry wrote:
> If you were evil, you could upload huge blobs and just take up space on the
> google servers. Who knows what will happen if you upload a couple hundred
> gigs of files. They don't disappear, they are just unretrievable afaict. It is
> a security
On 2013-08-22, at 12:02, Ryan Dewhurst wrote:
> I presume you could use CSRF and then XMLHttpRequest to set the
> X-Forwarded-For and
> User-Agent header.
XMLHttpRequest cannot set those headers for a cross-origin request. So you
could only attack your own site that way.
On 2013-08-07, at 09:08, king cope wrote:
> SymLinksIfOwnerMatch will not help in this attack scenario because the
> .htaccess file overwrites this Options directive
AllowOverride can be used to prevent this as well by specifying a set of values
for Options which does not include FollowSymlinks
On 2013-02-17, at 17:21, Vulnerability Lab wrote:
> A code lock bypass vulnerability via iOS as glitch is detected in the
> official Apple iOS v6.1 (10B143) for iPad & iPhone.
Did you actually test the exploit on the iPad? I'm guessing you didn't, because
the iPad has no emergency call function
On 2012-12-03, at 17:40, Seth Arnold wrote:
> Their documentation is extremely clear that their software should only
> ever be used locally:
>
> If their webserver binds to anything other than localhost then I'll
> quickly agree that this is a misconfiguration and a security problem.
>
> But if
On 2012-07-30, at 07:41, Pablo Ximenes wrote:
> I'd like to share with you one of my findings that failed to get
> Google's Security Reward. Although Google doesn't consider it a
> security problem, some might find it at least amusing if not
> interesting.
From the linked article, http://ximen.e