[Owasp-testing] Fwd: Query about command injection
venkatsiva1994 at gmail.com
Thu Feb 9 11:46:55 UTC 2017
Command runs in the dedicated docker (cloudshell) which is provided by
Google, So this directly doesn't affect Google data it just affects
particular user data (eg. appengine files).
Since it is affecting particular client data , I termed it as Client side
Do let me know if you have queries,
On Thu, Feb 9, 2017 at 4:51 PM, Ismael Rocha <ismaelrocha.projetos at gmail.com
> So, congrats for the finding the issue.
> Reading quickly it seems to be a regular command injection. At the end
> of the day, this needs to run at the backend, right?
> Ismael Goncalves
> On Thu, Feb 9, 2017 at 3:45 AM, Pranav Venkat <venkatsiva1994 at gmail.com>
> > Hi Team,
> > By March 2016 I found a command injection in Google cloud. I termed it
> as '
> > client side command injection ' due to application behavior itself.
> > Please check this link
> > www.pranav-venkat.com/2016/03/command-injection-which-got-me-6000.html
> > and let me know if we can include it under command injection category
> > (sub-category)
> > Thanks and regards,
> > --
> > Venkatesh S
> > @pranavvenkats
> > skype - venkat19942010
> > http://www.pranav-venkat.com
> > _______________________________________________
> > Owasp-testing mailing list
> > Owasp-testing at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-testing
> Ismael Gonçalves
skype - venkat19942010
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-testing