Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
yahoo.com sql injection
Posted by: Andre3000
Date: December 08, 2008 11:35AM

hi there I think you might find this interesting guys :)

http://hackersblog.org/2008/12/08/yahoocom-sql-injection-xss-se-intampla-si-la-case-mari/

Re: yahoo.com sql injection
Posted by: thrill
Date: December 08, 2008 02:00PM

Heh.. I guess they're expanding their takeover bid.. now they want someone to take over their site, not just the company.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: yahoo.com sql injection
Posted by: PaPPy
Date: December 08, 2008 06:00PM

wow and it's still active

http://www.xssed.com/archive/author=PaPPy/

Re: yahoo.com sql injection
Posted by: barbarianbob
Date: December 09, 2008 03:50PM

very nice

Re: yahoo.com sql injection
Posted by: Robert Chapin
Date: December 11, 2008 03:47PM

"The sad part is that Yahoo! didn’t adopt any policy whatsoever regarding this kind of problems. They don't admit they have a problem, nor do they give any credits to those who find them.

Following in the footsteps of other sites, Yahoo! could learn to gain from this. Vast majority of those who find bugs don’t disclose them anymore precisely for the fact that Yahoo! is in total denial."

Sounds right to me. I thought I was doing them a favor once by reporting some bugs, but they didn't take it seriously. That was 3.5 years ago and I bet they have bugs older than that.



Edited 1 time(s). Last edit at 12/11/2008 03:47PM by Robert Chapin.

Re: yahoo.com sql injection
Posted by: one23
Date: December 12, 2008 11:44AM

gr8 job dude !!!
SQL Injection is too cool and every big site has this vuln :)
example : apple.com , yahoo.com , microsoft. ... ( exactly i don't remember what sub domain of it was ) and msn.com i think :-?
and ....
any way , again good job :)

Re: yahoo.com sql injection
Posted by: Andre3000
Date: December 13, 2008 06:48AM

we've still got some sql holes in yahoo, we'll release them soon. at the moment we've got 1 simple sqli with no limitations :) and 2 blind sqlis

Re: yahoo.com sql injection
Posted by: PaPPy
Date: December 13, 2008 08:03AM

come on defacement!

http://www.xssed.com/archive/author=PaPPy/
