Full Disclosure mailing list archives
Re: Phun! Search
From: Bernhard Mueller <research () sec-consult com>
Date: Fri, 24 Mar 2006 00:19:40 +0100
Hello,

n3td3v wrote:
> I have exploit code for this issue, which the list won't be getting
> hold of. The disclosure was to show that I can ask the slurp robot to
> cache an account on the public index,... bla,...

There's no need at all to cache anything at all.

http://mtf.news.yahoo.com/mailto?prop=mycstore&locale=us&h2=n3td3v

will give you the same result as

http://66.218.69.11/search/cache?ei=UTF-8&p=n3td3v&fr=sfp&u=mtf.news.yahoo.com/mailto%3Furl%3Dhttp%253A//e.my.yahoo.com/config/cstore%253F.opt%3Dcontent%2526.node%3D1%2526.sid%3D171771%26title%3DChoose+Content%26prop%3Dmycstore%26locale%3Dus%26h1%3Dymessenger+at+Yahoo%21+Groups%26h2%3Dn3td3v%26h3%3Dhttp%253A//my.yahoo.com&w=n3td3v&d=U5wy1m1aMbOe&icp=1&.intl=us

(your "Concept").

Sorry to tell you, but there is no vulnerability involved here (except maybe a lame XSS, didn't try that though).

--
Bernhard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Phun! Search n3td3v (Mar 20)
- Re: Phun! Search teh kids (Mar 21)
- Re: Phun! Search n3td3v (Mar 21)
- Re: Phun! Search Javor Ninov (Mar 21)
- Re: Phun! Search n3td3v (Mar 21)
- Re: Phun! Search womber (Mar 21)
- Message not available
- Re: Phun! Search n3td3v (Mar 23)
- Re: Phun! Search Stan Bubrouski (Mar 23)
- Re: Phun! Search n3td3v (Mar 21)
- Re: Phun! Search teh kids (Mar 21)
- Re: Phun! Search wac (Mar 23)
- Re: Phun! Search n3td3v (Mar 23)
- Re: Phun! Search n3td3v (Mar 23)
- Message not available
- Re: Phun! Search Alexander Hristov (Mar 23)
- Message not available
- Re: Phun! Search n3td3v (Mar 23)
- Re: Phun! Search Alexander Hristov (Mar 24)
- <Possible follow-ups>
- RE: Phun! Search Matthew Sargent (Mar 21)
- RE: [OFFTOPIC] Phun! Search php0t (Mar 21)
- Re: Phun! Search 0x80 (Mar 23)