Interesting. I'm especially curious if it could be used to scrape Google services (e.g. search results) without being picked up by filters (due to it being a Google operated IP address).
I also wonder how far recursively it'd go - would it be possible to use one of those URLs to attack itself? On Sun, Aug 28, 2011 at 6:16 PM, R00T_ATI <[email protected]> wrote: > ABSTRACT: > The vulnerable pages are *“/_/sharebox/linkpreview/“* and *“gadgets/proxy? > “* > Is possible to request any file type, and G+ will download and show all the > content. So, if you parallelize so many requests, is possible to *DDoS*any > site with > *Google bandwidth*. Is also possible to start the *attack* without be > logged in G+. > > Article link: > http://www.ihteam.net/advisory/make-requests-through-google-servers-ddos/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
