Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
new xss
Posted by: withwing
Date: August 14, 2008 08:20AM

a yahoo xss.
http://music.cn.yahoo.com



Edited 2 time(s). Last edit at 08/23/2008 12:44AM by withwing.

Options: ReplyQuote
Re: new yahoo xss
Posted by: withwing
Date: August 14, 2008 08:23AM

not patch!

Options: ReplyQuote
Re: new yahoo xss
Posted by: Kyo
Date: August 14, 2008 01:13PM

Why do big sites always hardcode languages? what makes them think it's a good idea?!

Options: ReplyQuote
Re: new yahoo xss
Posted by: hometown
Date: August 14, 2008 09:25PM

Already patched!
[music.cn.yahoo.com]

Options: ReplyQuote
Re: new yahoo xss
Posted by: C1c4Tr1Z
Date: August 15, 2008 08:10PM

I don't think that Yahoo! has no sense of security and let you inject so easy JS code. :S

Options: ReplyQuote
Re: new yahoo xss
Posted by: id
Date: August 15, 2008 10:12PM

C1c4Tr1Z Wrote:
-------------------------------------------------------
> I don't think that Yahoo! has no sense of security
> and let you inject so easy JS code. :S

Ummmmm....they did let him, they just happened to fix it later.

-id

Options: ReplyQuote
Re: new yahoo xss
Posted by: C1c4Tr1Z
Date: August 16, 2008 12:27AM

id Wrote:
-------------------------------------------------------
> Ummmmm....they did let him, they just happened to
> fix it later.

Ohh, sorry.

Options: ReplyQuote
Re: new yahoo xss
Posted by: Kyo
Date: August 19, 2008 08:21PM

cicatriz (?), you'd be surprised. Most non-security themed sites out there have horrible security.

Options: ReplyQuote
Re: new yahoo xss
Posted by: thrill
Date: August 19, 2008 11:34PM

Quote

Most non-security themed sites out there have horrible security.

Umm.. most security based sites have horrible security.. unless they're specific to web based. :)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote
Re: new yahoo xss
Posted by: Kyo
Date: August 20, 2008 05:50AM

true, but I was sorta talking about web security

Options: ReplyQuote


Sorry, only registered users may post in this forum.