Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: i've found an exploit, but i want to make it do something before i report it

From: n3td3v <xploitable () gmail com>
Date: Sat, 8 Jul 2006 00:17:23 +0100
On 7/7/06, ima cow <i-am-cow () rogers com> wrote:


  i understand that this is "full disclosure", but before i actually spill
the beans on the exact nature of the exploit i've found, i'd like to make it
actually do something.
for now, know that it affects a popular plugin for a popular messaging
program.
i'm at the stage where i can run any command on the remote user's computer
(just like start > run...), or have them request remote assistance.
other than showing them goatse, what can i do with this?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Its a Yahoo Mezzenger vulnerability, we sold to him about three months ago.
It must be the most whored vulnerability in the script kid circuit, none of
them can work out what to do with it.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: