Sla.ckers.org
FeedBurner exploit
Posted by: klaus
Date: November 14, 2007 05:39PM

How come John Cow and Show Monkey know about this and we don't?!

hxxp://www.johnchow.com/new-blog-milestone-14000-rss-readers/

I cannot tell you the exact method Shoe employed because I promised to keep it between us, but basically he found a bug while studying FeedBurner and exploited it.

Re: FeedBurner exploit
Posted by: krazl
Date: January 01, 2008 10:05PM

link overlay.

http://www.krazl.com

Re: FeedBurner exploit
Posted by: klaus
Date: January 02, 2008 01:08PM

Hello krazl. I think there's more than image overlay.
I checked here and it actually worked:

http://feeds.feedburner.com/~fc/shoemoney

Re: FeedBurner exploit
Posted by: rsnake
Date: January 03, 2008 11:06PM

CSRF maybe? It wouldn't surprise me too much. It's pretty easy to get people added into random feed sites if they are logged in, with only a few exceptions. Visit the site and poof, you're added.

- RSnake
Gotta love it. http://ha.ckers.org

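A defensive sketch of the point RSnake raises above, added here as an example and not code from the thread or from FeedBurner: a subscribe handler that refuses to change state on a cross-site request. The site name `reader.example`, the function names and the session ids are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SECRET = secrets.token_bytes(32)            # server-side key, constructed for the demo
TRUSTED_ORIGIN = "https://reader.example"   # hypothetical feed-reader site

def issue_token(session_id):
    """CSRF token bound to one session: HMAC-SHA256(SECRET, session_id)."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers):
    """True only if Origin (or Referer as fallback) names our own site."""
    src = headers.get("Origin") or headers.get("Referer") or ""
    u = urlsplit(src)                       # absent headers yield "://" and fail closed
    return f"{u.scheme}://{u.netloc}" == TRUSTED_ORIGIN

def handle_subscribe(method, headers, session_id, form, subs):
    """Return (status, reason); subs is changed only when every check passes."""
    if session_id is None:
        return 401, "not logged in"
    if method != "POST":
        return 405, "state change requires POST"
    if not same_origin(headers):
        return 403, "cross-site request"
    token = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(token, issue_token(session_id).encode()):
        return 403, "bad CSRF token"
    feed = form.get("feed")
    if not feed:
        return 400, "missing feed"
    subs.setdefault(session_id, set()).add(feed)
    return 200, "subscribed"

def demo():
    subs, sid = {}, "sess-alice"            # constructed logged-in session
    feed = {"feed": "example-feed"}
    results = [
        # Request triggered by another site's page: wrong method, foreign Referer.
        handle_subscribe("GET", {"Referer": "https://other.example/p"}, sid, feed, subs),
        # Cross-site form post: the session cookie is sent, but no token and a foreign Origin.
        handle_subscribe("POST", {"Origin": "https://other.example"}, sid, feed, subs),
        # The user's own click on the site's subscribe form.
        handle_subscribe("POST", {"Origin": TRUSTED_ORIGIN}, sid,
                         {**feed, "csrf_token": issue_token(sid)}, subs),
    ]
    return results, subs
```

Only the third request in `demo()` adds a subscription; the first two are rejected before any state changes.
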
Re: FeedBurner exploit
Posted by: klaus
Date: January 14, 2008 10:50PM

Yes, RSnake, that might be indeed the case.
I have not been able to successfully find an XSS hole to enter, though.
Any takers?

Re: FeedBurner exploit
Posted by: klaus
Date: January 16, 2008 10:41AM

Seems like FeedBurner found something:

John Chow looks to be down to 4,000 subscribers today!

Rumours it has to do with email subscribers.
