[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Google XXE Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Google XXE Vulnerability
From: Mark Litchfield <mark@xxxxxxxxxxxxxx>
Date: Fri, 21 Feb 2014 14:14:30 -0800

Hi All,

There was an XML external entity vulnerability within Googles Publicdata explorer. This was submitted to Google as part of their Bug BountyProgram.

For the full write up with screen shots -http://www.securatary.com/vulnerabilities


--
All the best

Mark Litchfield
http://www.securatary.com
Twitter - http://twitter.com/securatary


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [ MDVSA-2014:047 ] postgresql
Next by Date: Re: [Full-disclosure] DoS via tables corruption in WordPress
Previous by thread: [Full-disclosure] [ MDVSA-2014:047 ] postgresql
Next by thread: [Full-disclosure] [CVE-2014-2069] 'eshtery CMS' allows remote attackers to read arbitrary files
Index(es):
- Date
- Thread