Did you even read that article? (Not that OWASP has any sort of credibility anyways). From what I saw in your previous post you are both unable to execute the files or even access them and thus unable to manipulate the content-type the files are returned with, therefore there is no vulnerability (According to the article you linked.).
BTW, you should look for more cool vulnerabilities in amazons EC2, I'm sure you will find some "Unrestricted File Upload" holes. 2014-03-13 16:18 GMT+02:00 Nicholas Lemonias. <lem.niko...@googlemail.com>: > Here is your answer. > https://www.owasp.org/index.php/Unrestricted_File_Upload > > > On Thu, Mar 13, 2014 at 1:39 PM, Julius Kivimäki < > julius.kivim...@gmail.com> wrote: > >> When did the ability to upload files of arbitrary types become a security >> issue? If the file doesn't get executed, it's really not a problem. >> (Besides from potentially breaking site layout standpoint.) >> >> >> 2014-03-13 12:43 GMT+02:00 Nicholas Lemonias. <lem.niko...@googlemail.com >> >: >> >>> Google vulnerabilities uncovered... >>> >>> >>> >>> http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> >> >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
