*You are wrong about accessing the files. What has not been confirmed is remote code execution. We are working on it.*

*And please, OWASP is recognised worldwide...*

*Files can be accessed through Google Takeout with a little bit of skill.*

https://www.google.com/settings/takeout

On Thu, Mar 13, 2014 at 4:09 PM, Julius Kivimäki <julius.kivim...@gmail.com> wrote:

> Did you even read that article? (Not that OWASP has any sort of credibility anyways). From what I saw in your previous post you are both unable to execute the files or even access them and thus unable to manipulate the content-type the files are returned with, therefore there is no vulnerability (According to the article you linked.).
>
> BTW, you should look for more cool vulnerabilities in Amazon's EC2, I'm sure you will find some "Unrestricted File Upload" holes.
>
> 2014-03-13 16:18 GMT+02:00 Nicholas Lemonias. <lem.niko...@googlemail.com>:
>
>> Here is your answer.
>> https://www.owasp.org/index.php/Unrestricted_File_Upload
>>
>> On Thu, Mar 13, 2014 at 1:39 PM, Julius Kivimäki <julius.kivim...@gmail.com> wrote:
>>
>>> When did the ability to upload files of arbitrary types become a security issue? If the file doesn't get executed, it's really not a problem. (Besides from potentially breaking site layout standpoint.)
>>>
>>> 2014-03-13 12:43 GMT+02:00 Nicholas Lemonias. <lem.niko...@googlemail.com>:
>>>
>>>> Google vulnerabilities uncovered...
>>>>
>>>> http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/