Jump to content

Search the Community

Showing results for tags 'yahoo'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

  1. Cel mai mare operator de telecomunicatii din lume, gigantul Verizon, urmeaza sa anunte astazi preluarea companiei de internet Yahoo!. Valoarea tranzactiei se ridica la 4,8 miliarde de dolari. http://incomemagazine.ro/articole/yahoo-va-fi-vandut-pentru-4-8-miliarde-de-dolari http://www.cotidianul.ro/imperiul-decazut-al-yahoo-s-a-vandut-285117/
  2. Vreau si eu un Yahoo Messenger Flooder si cu boti facuti daca se poate?
  3. hey guys i want to buy unlimited and inbox smtp for aol, hotmail, yahoo.. Payment by BTC s_sonic86@yahoo.com s_sonic86@jabber.at ICQ: 192285 thanks
  4. Document Title: =============== Yahoo eMarketing Bug Bounty #31 - Cross Site Scripting Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1491 Yahoo Security ID (H1): #55395 Release Date: ============= 2015-05-07 Vulnerability Laboratory ID (VL-ID): ==================================== 1491 Common Vulnerability Scoring System: ==================================== 3.3 Product & Service Introduction: =============================== Yahoo! Inc. is an American multinational internet corporation headquartered in Sunnyvale, California. It is widely known for its web portal, search engine Yahoo! Search, and related services, including Yahoo! Directory, Yahoo! Mail, Yahoo! News, Yahoo! Finance, Yahoo! Groups, Yahoo! Answers, advertising, online mapping, video sharing, fantasy sports and its social media website. It is one of the most popular sites in the United States. According to news sources, roughly 700 million people visit Yahoo! websites every month. Yahoo! itself claims it attracts `more than half a billion consumers every month in more than 30 languages. (Copy of the Vendor Homepage: http://www.yahoo.com ) Abstract Advisory Information: ============================== The Vulnerability Laboratory Core Research Team discovered a client-side cross site scripting web vulnerability in the official Yahoo eMarketing online service web-application. Vulnerability Disclosure Timeline: ================================== 2015-05-03: Vendor Notification (Yahoo Security Team - Bug Bounty Program) 2015-05-05: Vendor Response/Feedback (Yahoo Security Team - Bug Bounty Program) 2015-05-06: Vendor Fix/Patch (Yahoo Developer Team) 2015-05-06: Bug Bounty Reward (Yahoo Security Team - Bug Bounty Program) 2015-05-07: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A non-persistent input validation web vulnerability has been discovered in the official Yahoo eMarketing online service web-application. The security vulnerability allows remote attackers to manipulate client-side application to browser requests to compromise user/admin session information. The vulnerability is located in the `id` value of the `eMarketing` module. Remote attackers are able to inject malicious script codes to client-side GET method application requests. Remote attackers are able to prepare special crafted web-links to execute client-side script code that compromises the yahoo user/admin session data. The execution of the script code occurs in same module context location by a mouse-over. The attack vector of the vulnerability is located on the client-side of the online service and the request method to inject or execute the code is GET. The security risk of the non-persistent cross site vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5. Exploitation of the non-persistent cross site scripting web vulnerability requires no privileged web application user account and low user interaction. Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing, non-persistent external redirects, non-persistent load of malicious script codes or non-persistent web module context manipulation. Request Method(s): [+] GET Vulnerable Module(s): [+] Yahoo > eMarketing Vulnerable Parameter(s): [+] id Proof of Concept (PoC): ======================= The client-side cross site scripting web vulnerability can be exploited by remote attackers without privilege application user account and low user interaction (click). For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue. PoC Payload(s): "onmouseenter="confirm(document.domain) (https://marketing.tw.campaign.yahoo.net/) PoC: eMarketing ID <br/> <table border="0" cellspacing="0" cellpadding="0" width="100%"> <tr> <td align="right" width="10%" > <div class="fb-like" style="overflow: hidden; " data-href="http://marketing.tw.campaign.yahoo.net/emarketing/searchMarketing/main/S04/B01?id="onmouseenter="confirm(document.domain)" data-layout="button_count" data-action="recommend" data-show-faces="false" data-share="true"></div> </td> <td align="left" valign="bottom" width="65%" > <span style="font-size:12px; margin: 2px; font-weight:bold; color:#4d0079">?????????? ????????</span> </td> </tr> </table> --- PoC Session Logs [GET] --- Status: 200[OK] GET https://marketing.tw.campaign.yahoo.net/emarketing/searchMarketing/main/S04/B01?id=%22onmouseenter=%22confirm(document.domain) Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content Size[-1] Mime Type[text/html] Request Headers: Host[marketing.tw.campaign.yahoo.net] User-Agent[Mozilla/5.0 (X11; Linux i686; rv:37.0) Gecko/20100101 Firefox/37.0] Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] Accept-Language[en-US,en;q=0.5] Accept-Encoding[gzip, deflate] Cookie[_ga=GA1.5.1632823259.1428499428; s_pers=%20s_fid%3D66FF8BBF1D4DB480-10779CBEBDA57A64%7C1491837590956%3B%20s_vs%3D1%7C1428680990957%3B%20s_nr%3D1428679190961-New%7C1460215190961%3B; __qca=P0-870655898-1430085821750; _ga=GA1.2.1969841862.1430892005] X-Forwarded-For[8.8.8.8] Connection[keep-alive] Response Headers: Date[Wed, 06 May 2015 12:19:05 GMT] Server[ATS] X-Powered-By[PHP/5.3.27] Content-Type[text/html] Age[0] Connection[close] Via[http/1.1 leonpc (ApacheTrafficServer/4.2.0 [c sSf ])] Reference(s): https://marketing.tw.campaign.yahoo.net https://marketing.tw.campaign.yahoo.net/emarketing/searchMarketing/ https://marketing.tw.campaign.yahoo.net/emarketing/searchMarketing/main/S04/B01?id= Solution - Fix & Patch: ======================= The vulnerability can be patched by a secure parse and encode of the vulnerable id value in the emarketing service application of yahoo. Restrict the input and disallow special chars or script code tags to prevent further injection attacks. Security Risk: ============== The security risk of the client-side cross site scripting web vulnerability in the tw yahoo application is estimated as medium. (CVSS 3.3) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - Hadji Samir [s-dz@hotmail.fr] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™ -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com CONTACT: research@vulnerability-lab.com PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt Source
  5. Am g?sit acum ceva vreme o vulnerabilitate de tip cross site scripting în Yahoo Mail. Am raportat-o dar mi-au închis raportul ca fiind "Duplicate". Dup? câteva zile am raportat-o din nou ?i surpriz?, mi-au spus c? e valid? pentru o recompens?. Într-un final am primit $400. Poc xss:
  6. De 3 zile am probleme cu contul meu de yahoo. Deci am verificat tot am schimbat parola oricum eu o schimb saptamanal, dar am incercat sa vad ce doamne iarta-ma are si nu pot nici decum sa accesez inbox-ul meu, a mai patit cineva ceva de genu asta?
  7. Hotmail - 475.363 https://www.sendspace.com/file/9t4l9y Yahoo - 148.037 https://www.sendspace.com/file/f5jnh0
  8. Dup? dou? ore de c?utari dup? XSS-uri în Yahoo Mail ... 1. 2. 3. Func?iona ?i cu vectori care nu necesitau interac?iunea userului. 4. 5. Ceva frumos Mai am câteva, am s? le pun când am timp s? urc video-urile pe YT. Toate duplicate. PS: Muie Yahoo.
  9. Yahoo received nearly 5,000 requests for user data from the United States government in the last six months of 2014 and disclosed some content in nearly 25 percent of those cases. The company said in its new transparency report that it received between 0-999 National Security Letters from the U.S. government, too. The latest report from Yahoo on government requests covers the period of July through December of 2014 and the company reported 4,865 total requests from the U.S. during that period. Those requests covered a total of 9,752 user accounts and the company disclosed some content in 1,157 of those cases. Yahoo rejected 258 of the U.S. government’s requests and disclosed solely non-content data in 2,887 cases. Yahoo defines non-content data as “the information captured at the time of registration such as an alternate e-mail address, name, location, and IP address, login details, billing information, and other transactional information”. The U.S. was by far the most active government in this report, with Taiwan coming in a distant second with 2,081 total requests. Germany sent 1,910 requests to Yahoo and the United Kingdom sent 1,570. In the previous six months, the U.S. sent 6,791 total requests to Yahoo and the company reported the same range of NSLs, 0-999. The government only allows companies to report the number of NSLs they receive in bands of 1,000. Yahoo and other technology companies have been pressuring the government for the ability to report those letters in more specific detail. In addition to the transparency data, Yahoo also provided an update on its efforts to protect users from attacks by governments and other attackers. “We’ve encrypted many of our most important products and services to protect against snooping by governments or other actors. This includes encryption of the traffic moving between Yahoo data centers; making browsing over HTTPS the default on Yahoo Mail and Yahoo Homepage; and implementing the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We’ve also rolled out an end-to-end (e2e) encryption extension for Yahoo Mail, now available on GitHub. Our goal is to provide an intuitive e2e encryption solution for all of our users by the end of 2015,” the company said in the report. Yahoo released the end-to-end encryption extension last week, something that was the result of an effort that Alex Stamos, the company’s CISO, announced at Black Hat last year. “Just a few years ago, e2e encryption was not widely discussed, nor widely understood. Today, our users are much more conscious of the need to stay secure online,” Stamos wrote on Yahoo’s Tumblr. He said that Yahoo’s extension will satisfy users’ needs to share sensitive information securely. “Wherever you land on the spectrum, we’ve heard you loud and clear: We’re building the best products to ensure a more secure user experience and overall digital ecosystem.” Yahoo, like its counterparts at Google, has been investing in encrypting more and more of its services and infrastructure. Much of this has come in the wake of the Edward Snowden revelations, but some of the efforts were in motion before the leaks about NSA capabilities against the companies’ services began to surface. Source
  10. Following up on a promise it made during last summer’s Black Hat, Yahoo on Sunday said it’s on track to deliver end-to-end encryption for its email users this year. And to that end, it released the early source code for the Yahoo encryption browser extension to GitHub. Chief information security officer Alex Stamos made the announcement at the South by Southwest Festival, where he said he hopes the security community will pore over the code and submit any vulnerabilities to Yahoo’s Bug Bounty program. He also said that he hopes other email providers will build compatible solutions. “Just a few years ago, e2e encryption was not widely discussed, nor widely understood. Today, our users are much more conscious of the need to stay secure online,” Stamos wrote on Yahoo’s Tumblr. He said that Yahoo’s extension will satisfy users’ needs to share sensitive information securely. “Wherever you land on the spectrum, we’ve heard you loud and clear: We’re building the best products to ensure a more secure user experience and overall digital ecosystem.” Yahoo also released a video, below, demonstrating the ease with which its encryption is deployed compared to GPG, a free and open source encryption implementation. Stamos hopes the solution, which he called “intuitive” would be available by the end of the year. “Anybody who has the ability to write an email should have no problem using our email encryption,” he said to AFP. Yahoo has made huge strides with its efforts to encrypt its web-based services beyond email, turning on HTTPS by default in January 2014 and four months later, encrypting traffic sent between its data centers. This was a weak spot known to be exploited by the National Security Agency, which was copying data from Yahoo and Google’s fiber-optic cables outside the United States. Last August during Black Hat, Stamos announced that Yahoo had partnered with Google on its efforts to encrypt email end to end in a fashion that would be transparent to users. Stamos said Yahoo would use the browser extension Google released in June that enables end-to-end encryption of all data leaving the browser. Stamos said at the time that Yahoo was working to ensure that its system works well with Google’s so that encrypted communications between Yahoo Mail and Gmail users will be simple. “I think anybody who uses email in the center of our life needs encryption,” Stamos said to AFP. “If you send emails to your spouse or your lawyer or family members, you want to have these messages be confidential.” Yahoo is also carrying over that same type of simplicity and intuitiveness to authentication. In addition on Sunday, it also announced a plan to ease the pain associated with passwords with the introduction of on-demand passwords. Director of product management Chris Stoner said in making the announcement that Yahoo users would no longer need to remember complex passwords to access their Yahoo accounts. Instead, once a user opts in to the on-demand password service, a verification code will be sent to the user’s mobile device that can be used to access their account. “It’s important for our products to be safe as used by normal people,” said Stamos. “Our users face a very diverse set of threats. The biggest threat is probably someone stealing their password, and their account taken over.” This article was corrected, correcting references of a plug-in to a browser extension. Source
  11. Yahoo! has offered $24,000 to a security researcher for finding out and reporting three critical security vulnerabilities in its products including Yahoo! Stores and Yahoo!-hosted websites. While testing all the company's application, Mark Litchfield, a bug bounty hunter who often works with different companies, discovered three critical vulnerabilities in Yahoo!'s products. All the three vulnerabilities have now been fixed by Yahoo!. THREE CRITICAL SECURITY VULNERABILITIES The first and most critical vulnerability gives hackers full administrator access to Yahoo!'s e-commerce platform, Yahoo! Small Business, a portal that allows small business owners to create their own web stores through Yahoo! and sell merchandise. According to the researcher, the flaw in the service allowed him to fully administrator any Yahoo store and thereby gain access to customers' personally identifiable information, including names, email addresses, telephone numbers. BUG ALLOWS FREE SHOPPING Beside allowing hackers full admin access to the web stores, the vulnerability could also leverage an attacker to rig a user-run eCommerce web store to let them shop for free, or at a huge discount, Litchfield claimed. A separate but related vulnerability in Yahoo! Stores, second flaw discovered by Litchfield, allows an unauthorized user to edit Yahoo-hosted stores through the app, thereby creating a means for hackers to hijack an online website store. Last but not the least, Litchfield discovered a critical vulnerability in Yahoo’s Small Business portal that allows hackers to seize administrative access to Yahoo!-hosted websites and gain full, unauthorized access to them. The Internet giant patched all the three bugs two weeks ago after Litchfield publicly released details and proof of concepts for the exploits on Bug Bounty HQ, a community for Bug Bounties website, established by Litchfield last month for fellow hunters to share their findings. 'ON DEMAND PASSWORD' At recent SXSW session, Yahoo! launched 'on-demand passwords,' which it says will eliminate the need for you to ever remember your email password. Whenever you need it, the company will send you a OTP (one time password) via SMS to your mobile phone. It's sort of two-factor authentication—without the first factor involved, as there is no need of any log-in password to enter by a user. In order to opt-in for the feature follow some simple steps: Sign in to your Yahoo email account. Click on your name at the top right corner to access your account information page. Choose Security in the sidebar. Click on the slider for on-demand passwords, in order to opt-in. Enter your phone number and Yahoo will send you a verification code. Enter the code. Now, next time whenever you will sign in into your email account, Yahoo will send a password via an SMS to your phone when you need it. Also, the end-to-end email encryption that Yahoo! promised will be available soon by the end of this year. The company gave its first demonstration of the locked down messaging system at SXSW session, and it is also delivering early source code for security researchers to analyze. Source
  12. Nesigure, incomode ?i greu de memorat, parolele folosite pentru accesarea conturilor de utilizator ar putea fi abandonate în viitorul nu prea îndep?rtat, înlocuite cu sisteme de autentificare mai sigure ?i u?or de folosit. Un astfel de sistem este demonstrat de Yahoo, împreun? cu o nou? tehnologie pentru criptarea mesajelor email De?i este considerat cea mai sigur? metod? disponibil? în prezent, sistemul de autentificare în doi pa?i, cu parol? ?i cod de securitate suplimentar furnizat prin intermediul unui dispozitiv aflat în posesia utilizatorului, este propus doar ca metod? op?ional? la sistemul clasic cu parol? unic?. Mai greoi de folosit din pricina celui de-al doilea cod de validare, sistemul este agreat doar de o parte dintre utilizatori, care în?eleg ?i apreciaz? avantajele ob?inute la partea de securitate. Pentru cei din urm? Yahoo a pus la cale o nou? abordare, folosind un sistem cu parole ?la cerere?. La fel ca la sistemul de autentificare în doi pa?i, utilizatorul prime?te un cod unic de acces prin intermediul unui mesaj SMS sau o aplica?ie pentru smartphone dedicat?, valabil timp de câteva zeci de secunde ?i numai pentru o singur? folosire. Diferen?a e c? înaintea acestui cod nu mai trebuie s? tast?m ?i parola principal?, metoda ap?rând ca un sistem de autentificare cu un singur pas, în care telefonul mobil furnizeaz? parola de care avem nevoie. Astfel, în loc s? tast?m parola dinainte memorat? sau codul suplimentar de validare, nu trebuie decât s? ap?s?m butonul "send my password" prezentat în interfa?a aplica?iei. Disponibil deja utilizatorilor din Statele Unite pentru autentificarea în contul Yahoo Mail, sistemul On-demand password poate fi activat din meniul Account Security al aplica?iei pentru smartphone. De?i nu la fel de sigur ca metoda de autentificare în doi pa?i, disponibil? în continuare ca variant? op?ional?, sistemul propus de Yahoo este mai sigur ?i u?or de folosit decât metoda de autentificare cu parol? clasic?. Desigur, dac? telefonul mobil sau tableta configurat? pentru aceast? metod? de autentificare este pierdut? sau furat?, conturile de utilizator pot fi foarte u?or compromise. Totu?i, riscurile pot fi diminuate setând o parol? pentru deblocarea ecranului, sau activând func?ia de autentificare biometric?. Pân? acum, un exemplu nu tocmai de urmat în ce prive?te standardele de securitate, Yahoo Mail încearc? schimbarea acestei percep?ii oferind suport pentru criptarea în sistem end-to-end a mesajelor email. Sursa:Yahoo introduce un nou sistem pentru autentificare f?r? parol?
  13. Yahoo has launched an on-demand password service that lets forgetful customers tie their account security to their mobile phone. Yahoo director of product management Chris Stoner announced the service, which US users can opt into now. The 'On-demand passwords' feature can be activated in the security section of Yahoo accounts' settings menu. Once activated, the user will be instructed to enter their mobile phone number. From this point on, whenever the customer attempts to open their account Yahoo will send a custom unlock code to their phone, removing the need for them to remember a password. Stoner said the service is part of Yahoo's ongoing efforts to make account security easier for users. "We've all been there. You're logging into your email and you panic because you've forgotten your password. After racking your brain for what feels like hours, it finally comes to you. Phew," he said. "Today, we're hoping to make that process less anxiety-inducing by introducing on-demand passwords, which are texted to your mobile phone when you need them. You no longer have to memorise a difficult password to sign in to your account - what a relief." The service is available to US users now. There is no confirmed UK release date and at the time of publishing Yahoo had not responded to V3's request for comment on when it will roll out the service in Europe. The release follows reports that many users are still failing to take even basic cyber defence measures to protect their personal data. Yahoo CEO Marissa Mayer controversially revealed she does not lock her smartphone with a password or gesture, as it made unlocking the device "too time-consuming". Yahoo is one of many companies to experiment with alternative password security services. Apple and Samsung added biometric fingerprint scanners to their latest iPhone 6 and Galaxy S6 smartphones. Source
  14. Industria securit??ii cibernetice s-a dezvoltat vertiginos în ultimii ani, îns? cea mai mare provocare pentru acest domeniu r?mâne recrutarea noilor talente, în condi?iile unui deficit tot mai mare de speciali?ti, scrie agen?ia UPI, potrivit Agerpres Este aproape imposibil s? angajezi oameni cu experien?? în acest domeniu, consider? Alex Stamos, expert în securitate cibernetic? în cadrul companiei Yahoo. Potrivit acestuia, în Statele Unite nu sunt decât patru sau cinci mii de astfel de speciali?ti. Problema deficitului de personal se agraveaz? pe m?sur? ce cre?te num?rul atacurilor cibernetice. Un studiu recent realizat de Institutul Ponemon ?i finan?at de IBM a ar?tat c? aproape jum?tate din americanii adul?i — 110 milioane — au fost victime ale hackerilor în 2014. Biroul pentru Statistica Pie?ei Muncii din SUA a estimat c?, în perioada 2012-2022, cererea de speciali?ti în securitate cibernetic? va cre?te cu 37%, iar în urm?torii ?apte ani vor fi disponibile peste 100.000 de locuri de munc? în acest domeniu. Originea : Sursa // Edit: - Pai la ce prosti sunt, nu ma mir. Noroc ca au cerut serviciile de la hackerone. XSS-ul de l-am gasit, mi-a spus cineva ca a fost patched. Ce poti sa mai le zici la ratatii astia? Experti? HAHAHAH Buna asta!!! Daca si behrouz cu acunetixu gaseste la ei sqli, nu mai zic nimic. Mai nou la spamagii le zic hackeri.. frumos domnle . MUIE YAHOO SI PAYPAL . punct
  15. Am un mail de genu contact@domeniu.ro Problema e ca pe hotmail nu primesc mailurile deloc, pe gmail mailurile vin in spam iar pe yahoo vin in inbox. Vreo idee? Stie cineva care ar putea fi problema?
  16. hehe22

    Yahoo Creator

    Salut, stie cineva un bot multi threaded de preferat.. pentru creare de conturi de yahoo? Multumesc!
  17. Vand CPanel la un pret bun - ...! Pentru Info ma poti contacta ID Yahoo : xoxcih@yahoo.com ICQ : 686301912 Jaber : xoxcih@jabb3r.de
  18. Se raspandeste un email de tip phishing care vizeaza furtul contului de email Yahoo!. Are subiectul “Avoid 2015!!” si suna astfel: Dand click pe link-ul indicat sunteti directionati de fapt spre adresa: http://www.herztakt.eu/includes/index.html, un site fals care mimeaza pagina oficiala de logare Yahoo! Mail. Verificati mereu adresa din campul “Sender”, verificati intotdeauna adresa din bara de adrese si cand aveti chiar si cel mai mic dubiu nu dati click pe link-urile primite pe email. -> Sursa: Avoid 2015!!! – Email de tip phishing
  19. Yahoo servers have been infiltrated by Romanian hackers exploiting the Shellshock bug discovered last month, according to cyber security expert Jonathan Hall. In a blog post on his website Future South, Hall detailed the process by which he discovered Yahoo, Lycos and WinZip websites had all been infiltrated by a group of Romanian hackers. Hall had Google-searched a range of codes designed to identify which servers were vulnerable to Shellshock, and found that Romanian hackers had breached two Yahoo servers and were exploring the network in search of access points for Yahoo!Games, which has millions of users. Yahoo’s servers were vulnerable to attack because they were using an old version of server technology Bash. A Yahoo told The Independent: “A security flaw, called Shellshock, that could expose vulnerabilities in many web servers was identified on September 24. As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network. Last night, we isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.” Yahoo CEO Marissa Mayer was alerted to the Shellshock hacks Before releasing this information, Hall emailed Yahoo and tweeted at its engineering team and CEO Marissa Mayer. It was confirmed to him that its servers had been infiltrated but Yahoo refused to pay him for alerting them as it was not part of the company’s bug bounty programme. Yahoo is notorious for its disregard of bug bounty hunters, having last year rewarded one such hacker who identified three bugs in Yahoo's servers with a $25 voucher for company merchandise. Also in his ethical-hack investigation, Hall found that hackers were using the WinZip domain - for the zip file creator/extractor - to locate other possibly accessible servers. “This breach affects ALL of us in one way or another, and it’s crucial that this problem be resolved with haste,” Hall said. Hall informed the FBI of the hackings. Romania is known as a hub for cyber crime; more than $1 billion stolen in the US by Romanian hackers in 2012, according to the American ambassador in Bucharest. Source: independent.co.uk
  20. Buna (dimineata;ziua;seara) ma numesc Aditza si o sa va prezint un mic program care poate sa va afle parola la messynger [Fuck Passowrd Yahoo] {E creat de mine}. Nu ma cred mare "hacker", dar am zis sa incerc ceva si uite ca a iesit . Cate-va informatii. * Format: EXE * Realizat de mine * Download: //removed Instructiuni: - Intrati pe mail.yahoo.ro - Puneti email-ul victimei - Intrati in Fuck Password Yahoo - Il instalati [ Se deschide un BAT si se instaleaza singur ] - Va apare un mesaj - Dati OK la acel mesaj - POC , va apare un alt messaj cu password Acest program va arata realitatea hacking-ului Yahoo Password. Acest program a fost creat in mod educativ!!
  21. PHP Code Injection vulnerability A Web application penetration tester, Ebrahim Hegazy, has discovered a critical remote PHP code injection vulnerability in the Yahoo website that could allowed hackers to inject and execute any php code on the Yahoo server. The vulnerability exists in the Taiwan sub-domain of the Yahoo " http://tw.user.mall.yahoo.com/rating/list?sid=[code_Injection]". The 'sid' parameter allows to inject PHP code. According to his blog post, the sid parameter might have been directly passed to an eval() function that results in the code Injection. In his demo, Ebrahim showed how he to get the directories list and process list by injecting the following code: http://tw.user.mall.yahoo.com/rating/list?sid=${@print(system(“dir”))} http://tw.user.mall.yahoo.com/rating/list?sid=${@print(system(“ps”))} He also found out that Yahoo server is using an outdated kernel which is vulnerable to "Local Privilege escalation" vulnerability. Yahoo immediately fixed the issue after getting the notification from the researcher. However, he is still waiting for the Bug bounty reward for the bug. Google pays $20,000 for such kind of vulnerabilities. Yahoo sets the maximum bounty amount as "$15,000". Let us see how much bounty Yahoo offers for this vulnerability. Source : E Hacking News [ EHN ] - The Latest IT Security News | Hacker News
  22. Am pus la un sclav intr-un site de 'yahoo checker' un script cu "fwrite"; Le-am dat un sort sa fie unice insa este probabil sa fie si ceva mizerii prin ele. (email-uri inexistente) # wc -l log2.txt 429600 log2.txt Poftiti lupii mei, download aici.
  23. Yahoo! Auto Accept WebCam v 1.1 By BrEaKeRuL M-am inspirat din acest topic Si am zis sa il fac mai interesant, in ce sens: ca sa poti vizualiza camera victimei trebuie ca programul sa ruleze cateva secunde asa ca el va rula cateva minute pana enerveaza victima, in acest timp ii poti cere webcam iar programul va apasa singur YES De facut pe viitor: Vreau ca atunci cand programul ruleaza sa schimbe ceva la status, sa puna un PUNCT ceva sa te anunte ca poti cere webcam . AntiVirus Scan: File name: Sparge Parole.exe Submission date: 2011-02-08 13:35:51 (UTC) Current status: queued (#83) queued (#83) analysing finished Result: 0/ 43 (0.0%) AhnLab-V3 2011.02.06.00 2011.02.06 - AntiVir 7.11.2.100 2011.02.08 - Antiy-AVL 2.0.3.7 2011.01.28 - Avast 4.8.1351.0 2011.02.07 - Avast5 5.0.677.0 2011.02.07 - AVG 10.0.0.1190 2011.02.08 - BitDefender 7.2 2011.02.08 - CAT-QuickHeal 11.00 2011.02.08 - ClamAV 0.96.4.0 2011.02.08 - Commtouch 5.2.11.5 2011.02.08 - Comodo 7613 2011.02.08 - DrWeb 5.0.2.03300 2011.02.08 - Emsisoft 5.1.0.2 2011.02.08 - eSafe 7.0.17.0 2011.02.06 - eTrust-Vet 36.1.8146 2011.02.08 - F-Prot 4.6.2.117 2011.02.04 - F-Secure 9.0.16160.0 2011.02.08 - Fortinet 4.2.254.0 2011.02.07 - GData 21 2011.02.08 - Ikarus T3.1.1.97.0 2011.02.08 - Jiangmin 13.0.900 2011.02.08 - K7AntiVirus 9.81.3771 2011.02.07 - Kaspersky 7.0.0.125 2011.02.08 - McAfee 5.400.0.1158 2011.02.08 - McAfee-GW-Edition 2010.1C 2011.02.08 - Microsoft 1.6502 2011.02.08 - NOD32 5855 2011.02.08 - Norman 6.07.03 2011.02.08 - nProtect 2011-01-27.01 2011.02.02 - Panda 10.0.3.5 2011.02.07 - PCTools 7.0.3.5 2011.02.07 - Prevx 3.0 2011.02.08 - Rising 23.44.00.08 2011.02.07 - Sophos 4.61.0 2011.02.08 - SUPERAntiSpyware 4.40.0.1006 2011.02.08 - Symantec 20101.3.0.103 2011.02.08 - TheHacker 6.7.0.1.126 2011.02.08 - TrendMicro 9.200.0.1012 2011.02.08 - TrendMicro-HouseCall 9.200.0.1012 2011.02.08 - VBA32 3.12.14.3 2011.02.08 - VIPRE 8347 2011.02.08 - ViRobot 2011.2.8.4299 2011.02.08 - VirusBuster 13.6.188.0 2011.02.08 - Download: Upload Mirrors -Easy file upload to multiple free file hosts - Download - Sparge_Parole.zip Sper sa va placa
  24. Salut, Am vazut ca inca exista modalitati de detectare a userilor invisible pe yahoo, sunt mai mult siteuri, nu are rost sa dau exemple aici. Are cineva asa ceva? Eu am facut un fuzzer pentru protocolul Yahoo-ului, dar nu am ajuns la niciun rezultat. Daca stie cineva sau are idee, il rog sa ma anunte si discutam de acolo despre ce ma costa sau schimb sau ce... Ideea e ca imi trebuiesc fix pachetele care se trimit si se primesc, nu un script care se conecteaza la alt site si unde se face verificarea... Multumesc
  25. Bahoi yahoo Funny
×
×
  • Create New...