Posts

Showing posts from November, 2014

How I was able to send a mail with Your Email Id?

Image
How I was able to send a mail with Your Email Id? Is it possible?

Yes. It is. If you are using Gmail, until yesterday, I can send email with your email id. Do u want to know how?

Read my story then....


Hi Friends,

This is Mohan Kallepalli, again with another bug in gmail...

Thanks to facebook, another day started with frustration. I will tell u that story another time. Anyway, with the frustration on facebook, i turned my focus to my favorite Google one more time. While I was going through the Gmail settings, thanks to my low speed internet, my browser suggested me to use "Basic HTML".

Once i opened my settings in Basic HTML, i went to Accounts section and there i saw the functionality for adding another users email id to your "send email as" list. This functionality is protected by a verification code authentication mechanism. which means, Gmail will send a verification code (9digits) to the target email id and you need to enter that code in your verification pag…

Youtube URL Redirection..

Image
Hi Guys,

Another bug in Google.. This time is with youtube.com

Hmm.. Found a bug in Youtube.. but unfortunately, this bug is out of scope.. Anyway, a bug is a bug.. Lets see..

The issue is an URL redirection vulnerability that existing in upload.youtube.com. When you upload a video which is not proper (invalid), the application redirects you to error URL. This URL is being sent to the server as a parameter, error_redirect. I tried changing the url to some random domain, and guess what, it redirected as i have uploaded an invalid video.

Then, in the request i observed there are two user specific tokens going to the server. They are nothing but anti-csrf tokens and working properly with a valid video. But in the case of an invalid video, they are no longer validated and are being ignored. So i tried to send the request with invalid file, but this time i removed the user specific tokens user_token and session_token. And as i expected, the application issued an 302 redirection to the url…