I emailed secur...@google.com on July 24th after discovering the
“gadgets/proxy?” bug.
I too did not receive a response.
I disclosed the vulnerability publicly on Twitter on the 25th of August.
http://twitter.com/#!/ethicalhack3r/status/106759659779670017
Ryan Dewhurst
blog www.ethicalhack3r.c
Hi guys!
I no that some of you worry that I got hit by car or sql mapped into 1992
but no I is ok!
You know, has been few years since my dog died but still i have some
problem. Normally i keep myself in control, but as soon as i have just even
one glass of wine with dinner an thats it i am go com
Interesting. I'm especially curious if it could be used to scrape Google
services (e.g. search results) without being picked up by filters (due to it
being a Google operated IP address).
I also wonder how far recursively it'd go - would it be possible to use one
of those URLs to attack itself?
On
ABSTRACT:
The vulnerable pages are /"*/_/sharebox/linkpreview/*"/ and
/"*gadgets/proxy?*"/
It is possible to request any file type, and G+ will download and show all
the content. So, if you parallelize so many requests, it is possible to
*DDoS* any site with *Google bandwidth*. It is also possible to start
On 8/28/2011 6:52 PM, Juan Sacco wrote:
> This isn't a company making a big product, I'm doing this because I like
> doing it.
Good for you. I think that is great. But you are pretending to be a "big
company." Stop that.
I am happy to see you removed that silly donation-for-download scheme.
> I'
ABSTRACT:
The vulnerable pages are /"*/_/sharebox/linkpreview/*"/ and
/"*gadgets/proxy?*"/
It is possible to request any file type, and G+ will download and show all
the content. So, if you parallelize so many requests, it is possible to
*DDoS* any site with *Google bandwidth*. It is also possible to start
INSECT Pro uses native exploits and these are taken from the Internet,
modified and tested to work with our tool; the sources of these exploits
are exploit-db and securityfocus in most cases. It also has support for
some modules of Metasploit.
If you look at INSECT PRO exploit description you coul
On 27/08/2011 23:12, Dan Dart wrote:
> Looks like it's freeWARE but not free per se.
> With the added disadvantage that it runs on none of the platforms I use.
> How sad. 0/5 review from me then.
http://www.insecurityresearch.com/files/download/
From the readmes, it's an old version of Metasploit
Discovered: 07-13-11
By: Spencer McIntyre (zeroSteiner) SecureState R&D Team
www.securestate.com
Background:
---
Multiple vulnerabilities within the LifeSize Room appliance.
Vulnerability Summaries:
Login page can be bypassed, granting administrative access to t
No doubt. It's in the todo list already and it will be available at the next
version. Thanks for the feedback anyways.
surgeonix
-Original Message-
From: coderman [mailto:coder...@gmail.com]
Sent: Saturday, August 27, 2011 23:08
To: SuRGeoNiX
Cc: full-disclosure@lists.grok.org.uk
Subject
Looks like it's freeWARE but not free per se.
With the added disadvantage that it runs on none of the platforms I use.
How sad. 0/5 review from me then.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.htm
FOREGROUND SECURITY, SECURITY ADVISORY 2011-001
- Original release date: August 27, 2011
- Discovered by: Jose Carlos de Arriba
- Contact: (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot)
com)
- Severity: 4.3/10 (Base