The thread starter is right about this. It is a vulnerability, and I think
Google should start considering this.
The JSON service responds to GET requests , and there is a good chance that the
service is also vulnerable to JSON Hijacking attacks.
As a professional penetration tester , I believe that Google was false not to
award this.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
