google dashboard HTTP Header Injection Permanently Open Redact Vuln.

Published: 18 March 2017
on channel: SQLi Basic
Views: 200
Likes: 1

Hi Google,

This is Shaifullah Shaon (Black_EyE),
an ethical hacker from Bangladesh.

I found a bug in your system.
It's called an Open Redirection bug.

I can permanently redirect from
https://www.youtube.com/dashboard?o=U
to
myaccount.google.com/dashboard

I use Burp Suite to redirect the URL.

Reference:
1. https://www.owasp.org/index.php/Unval...
2. https://www.owasp.org/index.php/Top_1...

Let's See...

1. I am already logged in to my YouTube dashboard account.
2. Now I use Burp Suite to forward Host youtube.com to google.com.
3. Here, as you see, it permanently redirects from
https://www.youtube.com/dashboard?o=U
to
myaccount.google.com/dashboard
4. Now I change the Host again from myaccount.google.com to youtube.com.
5. Now all is OK.

This is hopefully a very critical issue. Please patch this as soon as possible.

POC as video: google dashboard HTTP Header Injectio...



Thanking you,
Shaifullah Shaon (Black_EyE)
[email protected]
+880 1931 397872
