[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

To: Ulisses Montenegro <ulisses.montenegro@xxxxxxxxx>
Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
From: Mario Vilas <mvilas@xxxxxxxxx>
Date: Mon, 17 Mar 2014 16:25:05 +0100

On Mon, Mar 17, 2014 at 3:11 PM, Ulisses Montenegro <
ulisses.montenegro@xxxxxxxxx> wrote:

> Should YouTube restrict file uploads to known valid mime types? Sure, but
> that's only how you got the data in there to begin with. It's what happens
> after the data is in that will make all the difference.


At this point I'm not even sure the data isn't being restricted - it just
may be that the data type is checked again after it gets pulled out of the
queue for processing, and if it's not a video it gets discarded.


-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
  - From: T Imbrahim
- Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
  - From: Mario Vilas
- Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
  - From: Ulisses Montenegro

Prev by Date: [Full-disclosure] [ MDVSA-2014:062 ] webmin
Next by Date: Re: [Full-disclosure] Garage4Hackers Ranchoddas Series - Part 2 on Reverse Engineering - Free Webinar
Previous by thread: Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC
Next by thread: Re: [Full-disclosure] Full-Disclosure Digest, Vol 109, Issue 32
Index(es):
- Date
- Thread