[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+CewVA8ObOo=FNw7FE5LyrzsmqcMwj6Mh-Vb=62z5e6ZcZeiQ@mail.gmail.com>
Date: Thu, 13 Mar 2014 21:30:38 +0000
From: "Nicholas Lemonias." <lem.nikolas@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Google vulnerabilities with PoC
We confirm this to be a valid vulnerability for the following reasons.
The access control subsystem is defeated, resulting to arbitrary write
access of any file of choice.
1. You Tube defines which file types are permitted to be uploaded.
2. Exploitation is achieved by circumvention of web-based security controls
(namely http forms, which is a weak security measure). However,
exploitation of the issue results to unrestricted file uploads (any file of
choice ). Remote code execution may be possible either through social
engineering , or by stochastically rewriting an existing file-structure in
the CDN.
3. This directly impacts the integrity of the service since modification of
information occurs by circumvention. Renaming the uploaded files can be
achieved through YouTube's inherent video manager.
4. Denial of Service attacks are feasible since we bypass all security
restrictions. This directly impacts the availability of the service.
5. Malware propagation is possible, if the planted code get's executed
through social engineering or by re-writing a valid file system structure.
6) All uploaded files can be downloaded through Google Take Out, if past
the Content ID filtering algorithm (through file header obfuscation and
encryption).
Best Regards,
Nicholas Lemonias
Advanced Information Security Corp.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists