Date: Sun, 28 Aug 2011 18:30:48 -0500
From: adam <adam@...sy.net>
To: R00T_ATI <r00t_ati@...eam.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Make requests through Google servers

Interesting. I'm especially curious if it could be used to scrape Google
services (e.g. search results) without being picked up by filters (due to it
being a Google operated IP address).

I also wonder how far recursively it'd go - would it be possible to use one
of those URLs to attack itself?

On Sun, Aug 28, 2011 at 6:16 PM, R00T_ATI <r00t_ati@...eam.net> wrote:

> ABSTRACT:
> The vulnerable pages are *"/_/sharebox/linkpreview/"* and *"gadgets/proxy?"*
> It is possible to request any file type, and G+ will download and show all the
> content. So, if you parallelize so many requests, it is possible to *DDoS* any site with
> *Google bandwidth*. It is also possible to start the *attack* without being
> logged in to G+.
>
> Article link:
> http://www.ihteam.net/advisory/make-requests-through-google-servers-ddos/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
