[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] pixlr.com bluecoat image file bypass

To: full disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] pixlr.com bluecoat image file bypass
From: debug <debug.net@xxxxxxxxx>
Date: Thu, 8 Aug 2013 09:27:11 -0700

if one is confined to the bluecoat (bluecoat.com) proxysg, the
pixlr.com/editor page allows him or her to bypass the proxy to
download arbitrary images from any source assuming the pixlr.com
servers have access themselves to retrieve the image.

donations to btc: 1CGw4gpZGZkpQeUMg7s6ip3hp8ZRj9pTGx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] pixlr.com bluecoat image file bypass
  - From: Alex

Prev by Date: Re: [Full-disclosure] [ MDVSA-2013:210 ] firefox
Next by Date: [Full-disclosure] [RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities
Previous by thread: [Full-disclosure] OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy
Next by thread: Re: [Full-disclosure] pixlr.com bluecoat image file bypass
Index(es):
- Date
- Thread