Football field? More like dodgeball !!! On Wed, Jan 26, 2011 at 10:33 AM, IEhrepus <5up3r...@gmail.com> wrote:
> Long, long time ago, we heard an interesting legend is www.google.com > will Pay for its vulnerability,so we want to try ... > > lucky,A vulnerability has been caught by my friend > PZ[http://hi.baidu.com/p__z], this vul is base on 《Hacking with mhtml > protocol handler》[ > http://www.80vul.com/mhtml/Hacking%20with%20mhtml%20protocol%20handler.txt > ]: > > mhtml:http://www.google.com/gwt/n?u=[mhtml file url]!xxxx > > we are very happy,so we post it to secur...@google.com for the legend > :)[2011/01/23].We got a reply soon [2011/01/24]: > > --------------------------------------------------- > Hi Pavel, > > Nice catch! I’ve filed a bug internally and will keep you in the loop > as things progress. > > Regards, > xxx- Google Security Team > -------------------------------------------------- > > but ..... > > ------------------------------------------------- > Hi Pavel, > > The panel has determined this doesn't qualify for a reward for 2 reasons: > > 1) A very close variant was publicly disclosed on 21 Jan: > http://www.wooyun.org/bugs/wooyun-2010-01199 > 2) Technically, it's not a bug in Google, it's really a big in IE. > > Cheers, > xxx, Google Security Team > ----------------------------------------------- > > and Today we test the vul again ,it has been fixed .[2011/01/26] > > Thus, we understand the unspoken rules of this, This is a football > game, the vulnerability is the ball , MS and GG are the players > > > ----by superhei from http://www.80vul.com > > > > > hitest > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
