Re: [Full-disclosure] Phun! Search

n3td3v Thu, 23 Mar 2006 13:13:05 -0800

I have exploit code for this issue, which the list won't be getting hold of. The disclosure was to show that I can ask the slurp robot to cache an account on the public index, so I can retrieve account information. I ask the code to cache a copy of 'x user', when 'x' is at critical information page to obtain access to the yahoo users account. Of course with such a good 0-day, I use it seldom and only on specific targets like yahoo users with 'paid' services and or Yahoo employees.

On 3/22/06, Stan Bubrouski <[EMAIL PROTECTED]> wrote:
How old are you?  Seriously.  I don't know whether you realize just
how completely stupid you come off as to even people new in the
security field.  You are a joke.  Quit filling this list with crap.
BTW did you even check to see if you Yahoo! will let you view OTHER
people's account stuff?  Otherwise it seems pretty useless.

-sb

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Phun! Search

Reply via email to