Hi Google,
This is Shaifullah Shaon (Black_EyE),
an Ethical Hacker from Bangladesh.
Here I found a bug in your system.
It's called the Open Redirection Bug.
I can permanently redirect from
https://www.youtube.com/dashboard?o=U
to
myaccount.google.com/dashboard
I use Burp Suite to redirect the URL.
References:
1. https://www.owasp.org/index.php/Unval...
2. https://www.owasp.org/index.php/Top_1...
Let's See...
1. I am already logged in to my YouTube dashboard account.
2. Now I use Burp Suite to forward Host youtube.com to google.com
3. Here, as you see, it permanently redirects from
https://www.youtube.com/dashboard?o=U
to
myaccount.google.com/dashboard
4. Now I change the Host again from myaccount.google.com to youtube.com
5. Now all are OK.
This is hopefully a very critical issue. Please patch this as soon as possible.
POC as video: • google dashboard HTTP Header Injectio...
Thanking you,
Shaifullah Shaon (Black_EyE)
[email protected]
+880 1931 397872
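
A server-side guard against the behaviour the report describes, a permanent redirect whose handling follows a client-edited Host header, as an added example that is not part of the original report or any Google code. The `.example` hostnames, `ALLOWED_HOSTS`, `CANONICAL_ORIGIN` and the function names are assumptions made for illustration.

```python
# Added example: hostnames below are constructed placeholders (.example).
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"video.example", "www.video.example"}  # hosts this app serves
CANONICAL_ORIGIN = "https://www.video.example"  # from config, never from the request


def normalize_host(host_header):
    """Return the lower-cased hostname from a Host header, or None if malformed."""
    if not host_header or any(c in host_header for c in " \t\r\n/@\\?#"):
        return None
    try:
        parts = urlsplit("//" + host_header)
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    host = (parts.hostname or "").rstrip(".")
    return host or None


def is_local_path(path):
    """Accept a single-slash absolute path; reject //host, /\\host, control chars."""
    return (path.startswith("/") and not path.startswith(("//", "/\\"))
            and not any(ord(c) < 0x20 or c == "\\" for c in path))


def handle_redirect(host_header, target_path):
    """Return (status, headers) for a permanent redirect to target_path."""
    if normalize_host(host_header) not in ALLOWED_HOSTS:
        # 421 Misdirected Request: do not answer for a host this app does not serve.
        return 421, {}
    if not is_local_path(target_path):
        return 400, {}
    # Location comes from server-side config, so an edited Host cannot steer it.
    return 301, {"Location": CANONICAL_ORIGIN + target_path}


SAMPLE_REQUESTS = [  # constructed (Host header, path) pairs
    ("www.video.example", "/dashboard"),
    ("WWW.Video.Example:443", "/dashboard"),
    ("accounts.other.example", "/dashboard"),
    ("www.video.example", "//accounts.other.example/dashboard"),
]

if __name__ == "__main__":
    for host, path in SAMPLE_REQUESTS:
        print(host, path, handle_redirect(host, path))
```
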
Watch the video google dashboard HTTP Header Injection Permanently Open Redact Vuln. online without registration, with a duration of hours minutes seconds, in good quality. This video was added by the user SQLi Basic on 18 March 2017; don't forget to share the link with friends and acquaintances. On our site it has been viewed 200 times and 1 person liked it.