hi there I think you might find this interesting guys :)

http://hackersblog.org/2008/12/08/yahoocom-sql-injection-xss-se-intampla-si-la-case-mari/

Heh.. I guess they're expanding their takeover bid.. now they want someone to take over their site, not just the company.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

wow and its still active

http://www.xssed.com/archive/author=PaPPy/

very nice

"The sad part is that Yahoo! didn’t adopt any policy whatsoever regarding this kind of problems. They dont admit they have a problem, nor do they give any credits to those who find them.

Following in the footsteps of other sites, Yahoo! could learn to gain from this. Vast majority of those who find bugs don’t disclose them anymore precisely for the fact that Yahoo! is in total denial."

Sounds right to me. I thought I was doing them a favor once by reporting some bugs, but they didn't take it seriously. That was 3.5 years ago and I bet they have bugs older than that.



Edited 1 time(s). Last edit at 12/11/2008 03:47PM by Robert Chapin.

gr8 job dude !!!
SQL Injection is too cool and every big sites have this vuln :)
example : apple.com , yahoo.com , microsoft. ... ( exactly i don't remember what sub domain of it was ) and msn.com i think :-?
and ....
any way , again good job :)

we've still got some sql holes in yahoo, we'll release them soon. at the moment we've got 1 simple sqli with no limitations :) and 2 blind sqlis

come on defacement!

http://www.xssed.com/archive/author=PaPPy/