| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Mar 2014 03:17:35 +0000 (GMT)
From: M Kirschbaum <pr0ix@...oo.co.uk>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Fwd: Google vulnerabilities with PoC
The thread starter is right about this. It is a vulnerability, and I think Google should start considering this.
The JSON service responds to GET requests , and there is a good chance that the service is also vulnerable to JSON Hijacking attacks.
As a professional penetration tester , I believe that Google was false not to award this.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists