Re: [Full-disclosure] Phun! Search
- From: n3td3v <n3td3v@xxxxxxxxx>
- Date: Thu, 23 Mar 2006 21:12:37 +0000
I have exploit code for this issue, which the list won't be getting hold of..
The disclosure was to show that I can ask the slurp robot to cache an
account on the public index, so I can retrieve account information. I ask
the code to cache a copy of 'x user', when 'x' is at critical information
page to obtain access to the yahoo users account. Of course with such a good
0-day, I use it seldom and only on specific targets like yahoo users with
'paid' services and or Yahoo employees.
On 3/22/06, Stan Bubrouski <stan.bubrouski@xxxxxxxxx> wrote:
How old are you? Seriously. I don't know whether you realize just
how completely stupid you come off as to even people new in the
security field. You are a joke. Quit filling this list with crap.
BTW did you even check to see if you Yahoo! will let you view OTHER
people's account stuff? Otherwise it seems pretty useless.
-sb
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] Phun! Search
- From: Stan Bubrouski
- Re: [Full-disclosure] Phun! Search
- References:
- [Full-disclosure] Phun! Search
- From: n3td3v
- Re: [Full-disclosure] Phun! Search
- From: teh kids
- Re: [Full-disclosure] Phun! Search
- From: n3td3v
- Re: [Full-disclosure] Phun! Search
- From: Javor Ninov
- Re: [Full-disclosure] Phun! Search
- From: n3td3v
- [Full-disclosure] Phun! Search
- Prev by Date: Re: FW: [Full-disclosure] Secure HTTP
- Next by Date: [Full-disclosure] PasswordSafe 3.0 weak random number generator allows key recovery attack
- Previous by thread: Re: [Full-disclosure] Phun! Search
- Next by thread: Re: [Full-disclosure] Phun! Search
- Index(es):
Relevant Pages
|
|
