retender if you don't have a clue.
Cheers
antisnatchor
Mario Vilas wrote:
> I believe Zalewski has explained very well why it isn't a vulnerability,
> and you couldn't possibly be calling him hostile. :)
>
>
> On Sat, Mar 15, 2014 at 11:20 AM, M Kirschbaum wrote:
>
rying to convince us that you're right.
Maybe you can create the next LOIC specifically tailored to DoS Youtube
with this serious bug, ROFL!
Cheers
antisnatchor
Nicholas Lemonias. wrote:
> If you wish to talk seriously about the problem, please send me an email
> privately. And we can t
>
> >> -- Forwarded message --
> >> From: Nicholas Lemonias. <mailto:lem.niko...@googlemail.com>>
> >> Date: Fri, Mar 14, 2014 at 5:58 PM
> >> Subject: R
as Lemonias.* <mailto:lem.niko...@googlemail.com>>
> Date: Fri, Mar 14, 2014 at 5:58 PM
> Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities
> with PoC
> To: antisnatchor <mailto:antisnatc...@gmail.com>>
>
LOL you're hopeless.
Good luck with your business. Brave customers!
Cheers
antisnatchor
Nicholas Lemonias. wrote:
>
> People can read the report if they like. Can't you even do basic
> things like reading a vulnerability report?
>
> Can't you see that the advis
; that through XHR from years anyways), but simply
you wouldn't expect Google to pay you
for such a bug. Same with this bug.
Cheers
antisnatchor
>
>
>
> On Fri, Mar 14, 2014 at 6:04 AM, Jerome Athias wrote:
>
>> Hi
>>
>> I concur that we are mainly discussin
like saying that you have a normal file upload functionality in a
PHP application on Apache that expects files with extension .png only,
and you manage to upload an .asp file. Security-wise that's not a risk.
Cheers
antisnatchor
Nicholas Lemonias. wrote:
> Google vulnerabilities uncove
Nice one Nick,
great job eheh :D
Cheers
antisnatchor
Nicolas Grégoire March 8, 2013 10:12 AM
Hi! I published last week a blog
post describing the results of the XSLT fuzzing campaign I did in
2012. Now that most of the discovered vulnerabilities are patched,
I've chosen to give
x.509 certificates and so on :D
Cheers
antisnatchor
Michal Zalewski January 27, 2013 7:17 PM
OGMMM WTFF 0DAY XSS
Sorry, getting a bit tired of these.
Well, the world is changing. You
can probably do a lot more direct damage with a (legit) XSS in a
high-value site than with a local priv