Hello... I am an IT security expert for the Emirates National Oil Company. Google is my favourite search engine by far. Now I just read the report about the unrestricted upload issue and I think that the author is right that it is a securityproblem.This is a vulnerability because file name
. This happens because of the
same origin policy problem in browsers that cannot say if js execution it
different for two different sites.
Sincerely ,
T. Imbrahim
--- lcam...@coredump.cx wrote:
From: Michal Zalewski lcam...@coredump.cx
To: M Kirschbaum pr...@yahoo.co.uk
Cc: full-disclosure
Is this treated with the same way that says that Remote File Inclusion is not a
security issue ?
You don't follow? Implying ?
I understand why nobody likes Google. If I 've found a vulnerability and been
treated like that for trying to help, I would rather sell it to the black
market or to
The thread read Google vulnerabilities with PoC. From my understanding it was
a RFI vulnerability on YouTube, and I voiced my support that this is a
vulnerability.
I also explained a JSON Hijacking case as a follow up, and you said you didn't
follow. So I am just saying that treating
: [Full-disclosure] Fwd: Google vulnerabilities with PoCDate: Mon, 17 Mar 2014 09:24:08 +
On 16 Mar 2014 23:36, "T Imbrahim" timbra...@techemail.com wrote:
The thread read Google vulnerabilities with PoC. From my understanding it was a RFI vulnerability on YouTube, and I voiced
Hey,
At least to me I am security paranoid. Remote File Inclusion of files to a
trusted network, seems like a well backed up vulnerability. I think we are
talking about Google here not your favourite's pizza website. I personally
congratulate to the author for finding it, whether probing it or