
Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC



Is this treated the same way as saying that Remote File Inclusion is not a 
security issue?

You don't follow? Implying?

I understand why nobody likes Google. If I had found a vulnerability and been 
treated like that for trying to help, I would rather sell it on the black 
market or to some government.

The NSA maybe is happy to buy an RFI on Google; I'm sure they could make good use 
of that. Google is very deceptive in security matters.

--- lcamtuf@xxxxxxxxxxx wrote:

From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
To: TImbrahim@xxxxxxxxxxxxx
Cc: pr0ix@xxxxxxxxxxx, full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
Date: Sat, 15 Mar 2014 10:59:40 -0700

> A hacker exploits a JSON (javascript) object that has information of interest, 
> for example holding some values for cookies. A lot of times that exploits the 
> same origin policy. The JSON object returned from a server can be forged by 
> overwriting the javascript function that creates the object. This happens because of 
> the same origin policy problem in browsers that cannot tell if JS execution is 
> different for two different sites.

To be honest, I'm not sure I follow, but I'm fairly confident that my
original point stands. If you believe that well-formed JSON objects
without padding can be read across origins within the browser, I would
love to see more information about that. (In this particular case, it
still wouldn't matter because the response doesn't contain secrets,
but it would certainly break a good chunk of the Internet.) JSONP is a
different animal.

/mz





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/