Mario has years of experience (more than 10 in fact) in exploit writing
and vulnerability assessment. I would consider his position on the subject.
If you don't believe me, Argentina extended me certifications that
proves that I can tell who has vulnerability assesment skills and who
does not.
Not even you are sure this is a real vulnerability. It is not.
On 03/14/2014 03:36 PM, Alfredo Ortega wrote:
Mario has years of experience (more than 10 in fact) in exploit writing
and vulnerability assessment. I would consider his position on the subject.
If you don't believe me, Argentina
If he can change the mime type, then he indeed may have an attack
vector, e.g. he could upload a complete youtube-lookalike site and
snatch credentials. If you can access the fake site via HTTPS with a
youtube cert, it's an obvious vulnerability.
On 03/14/2014 07:05 AM, Mario Vilas wrote: