Full Disclosure mailing list archives
Re: LinkedIn_User Account Delete using Click jacking
From: Laurelai <laurelai () oneechan org>
Date: Fri, 07 Oct 2011 16:38:48 -0700
On 10/7/2011 12:30 PM, xD 0x41 wrote:
Ok ive gotten it open in a disposable vm and extracted out all the info, ive converted it into its component images and an html file that had the text of the document, located here.Hi,Another security expert... sheesh... and they cannot do simplest of tasks, makes me wonder really how do they get anything atall coded, but then again i doubt there is code... I bet theyre all some persistent xss etc... wich would req some fuzz tool... well, cewrtainly see better people like kcope who does not call himself any senior security, yet has made many of remote exploits, and he posts them in his <body> so, it should be i think put in the email-bdy, responsibly that is. That would be good to have but since everyone company takes ITsec so differently, i know MS and Google have great disclosure policies, but this is supposed to be on theyre end, not ours... so i guess its another good question.cheers xdOn 8 October 2011 06:25, Peter Dawson <slash.pd () gmail com <mailto:slash.pd () gmail com>> wrote:if I get it right this dude is supposed to be " * Senior Security Analyst at iViZ Techno Solutions Pvt. Ltd. <http://www.linkedin.com/company/iviz-techno-solutions-pvt.-ltd.?trk=ppro_cprof> Whatever happened on protocol's for responsible disclosure ? On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41 <secn3t () gmail com <mailto:secn3t () gmail com>> wrote: Screw you dude, attaching executable doc files , and then pushing out a few *0days* I wont be looking at *any* thing attached as a doc, thats just common sense. nowdays, and there is abs NO need on this list for it, it is FD, your meant to put it in the BODY of email, or atleast maybe next time, change the type to linux 0day and attach .S file... ?? screw u and ur advisorys, fix them into proper order asin written as any would be, and ill read it, but never ask a dood to open the attachment! On 7 October 2011 22:48, asish agarwalla <asishagarwalla () gmail com <mailto:asishagarwalla () gmail com>> wrote: Hi, LinkedIn_User Account Delete using Click jacking. This Vulnerability is accepted by LinkedIn they are in a process to patched it but not yet patched. Please find the document describing the vulnerability. Regards Asish _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
http://ge.tt/9XUyZY8 no password.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: LinkedIn_User Account Delete using Click jacking, (continued)
- Re: LinkedIn_User Account Delete using Click jacking Zachary Hanna (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking Peter Dawson (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking Laurelai (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking Ferenc Kovacs (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking Naresh Jha (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking Laurelai (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking hfux0r (Oct 08)
- Re: LinkedIn_User Account Delete using Click jacking Laurelai (Oct 08)
- Re: LinkedIn_User Account Delete using Click jacking Peter Dawson (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking Laurelai (Oct 07)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 08)
- Re: LinkedIn_User Account Delete using Click jacking Ferenc Kovacs (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking Valdis . Kletnieks (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking adam (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking xD 0x41 (Oct 09)
- Re: LinkedIn_User Account Delete using Click jacking Michele Orru (Oct 09)