*https://www.google.com/settings/takeout <https://www.google.com/settings/takeout> *
*However the only problem would be to get past Content ID filtering. I suppose encrypting an uploaded file, and obfuscating file headers may get past YouTube's Content ID filtering. Youtube is not a File Transfer Protocol... It's there to serve media content. * <https://www.google.gr/#> On Thu, Mar 13, 2014 at 1:52 PM, Pedro Ribeiro <[email protected]> wrote: > Keep in mind that YouTube allows files to be uploaded by definition. What > you have achieved is upload a file for an extension type that is not > allowed. > It is definitely a vulnerability but a low risk one since you haven't > demonstrated if it has any ill effects. > > Can you somehow find the URL to where the file was uploaded? I would guess > not, since a well designed service like YouTube should hide those details > and no leak them in any way. Maybe if you are able to find that you can > combine with this vulnerability and get them to open their wallet? > > Regards > Pedro > On 13 Mar 2014 11:50, "Nicholas Lemonias." <[email protected]> > wrote: > >> Google vulnerabilities uncovered... >> >> >> >> http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
