Loading....
Loading....

    Posted by Shocker in English News

    Posted on December 8th, 2008

    O companie care valoreaza miliarde de dolari si care se presupune ca ar trebui sa aibe doar programatori “buni”, programatori care nu lasa in urma lor gauri de securitate prin site-ul Yahoo!.
    De XSS-uri se stie deja ca au fost destul de multe prin *.yahoo.com si totodata ca mai sunt si altele inca. Insa cand vine vorba de SQL Injection in yahoo.com, de privacy-ul promis de Yahoo! care pare sa se clatine, de posibilitatea de a avea acces la informatii private ale milioanelor de useri ai site-ului yahoo.com, gluma se ingroasa.

    Sa continuam cu prezentarea vulnerabilitatii (gasita de Kenpachi si kw[3]rln @ hackersblog.org & rstcenter.com).
    Una din paginile vulnerabile la SQL Injection: http://in.jagran.yahoo.com/article/index.php?choice=homepage_getnews&state=1&city=87%20union%20all%20select%201,concat_ws(0x203a20,version(),user()),3,4,
    5,6,7,8,9,10,11,12,13,14,15,16,17,18

    Ce se vede aici? Informatii despre versiunea serverului SQL si userul curent de pe care se executa query-urile:

    Listarea userelor SQL si parolele acestora:

    Si, evident, multe altele.

    Totodata, acest SQL Injection se poate folosi si pe post de XSS, folosit in special pentru furtul de sesiuni

    Partea proasta e ca inca nu au adoptat o politica de recunoastere a bugurilor/vulnerabilitatilor din site-urile lor si a celor care le gasesc. Sa renunte la orgoliu si vor avea doar de castigat, majoritatea persoanelor care gasesc buguri in site-ul yahoo nu le mai dezvaluie tocmai din cauza asta. Totodata asta ar duce si la mai putine situatii neplacute gen conturi sparte / furate

    ===========================================================

    English version:

    A company worth billions of dollars which is supposed to have the best programmers, the kind of company that won’t leave any security wholes in the system. Yahoo! system that is!
    XSS bugs are already yesterday’s news when we talk about Yahoo! They are all over the place on the *.yahoo.com subdomains.
    But we are not talking here about minor XSS bugs. We mean serious business. We are talking about the kind of security which exposes the privacy of millions of users of the “trustable” Yahoo! services.
    We are talking about SQL Injection. One of the worst kinds of security breach.

    We will present here the vulnerability found by Kenpachi and kw[3]rln @ hackersblog.org & rstcenter.com .

    Here you have one of the pages vulnerable to SQL Injection: http://in.jagran.yahoo.com/article/index.php?choice=homepage_getnews&state=1&city=87%20union%20all%20select%201,concat_ws(0x203a20,version(),user()),3,4,
    5,6,7,8,9,10,11,12,13,14,15,16,17,18

    What do we find here? Information about the SQL server, its version and the current user SQL user:

    A list with SQL users and passwords:

    And of course, much more information available at the hand of an attacker.

    Moreover, this SQL Injection can be used as an XSS, especially for session hijacking:

    The sad part is that Yahoo! didn’t adopt any policy whatsoever regarding this kind of problems. They dont admit they have a problem, nor do they give any credits to those who find them.

    Following in the footsteps of other sites, Yahoo! could learn to gain from this. Vast majority of those who find bugs don’t disclose them anymore precisely for the fact that Yahoo! is in total denial. By coming out clean, Yahoo! would also reduce the amount of hacked/stolen accounts and other shameful security breaches like the one we present here.

    Related Posts

    9 Responses to “Yahoo.com SQL Injection, XSS [se intampla si la case mari]”

    1. crow Says:

      Si cand ma gandesc ca astora le dau cate 19$/an, ma ia groaza…:)

    2. Aiurea Says:

      Erau romani aia ce l-au hackerit ?

    3. 2fingers Says:

      @Aiurea
      Da. Cei doi fac parte din echipa de editori ai blogului si sunt admini pe rstcenter.com.

    4. chessh Says:

      Mdea, ratati. Ce sa zic ii mananca orgoliul. Mai bine ar admite si ar repara, pentru siguranta utilizatorilor. Felicitari Kenpachi si kw3rln inca o data. :)

    5. Kenpachi Says:

      fixed fara mersi fara futute’n cur. mai punem si altele nu e problema.

    6. crs12decoder Says:

      ba esti prost? :O :) ).. ai idee cat valoreaza aia? ia du-te la gugle sau la microsoft si spune-le sa-ti faca o oferta :) )

    7. nix Says:

      hehe tocmai ce am gasit si eu una pe alt site de yahoo :D

    8. Legea cu monitorizatul » Jurnal Întrerupt Says:

      [...] dat, unele baze de date vor fi compromise. Pentru că, să fim serioși, nu contează cât de mare ești (da, mi-e lene să caut și alte surse), întotdeauna se vor găsi găuri în sistemul tău [...]

    9. HackersBlog » Blog Archive » Sql Injection in Yahoo! services (again) Says:

      [...] (2 Visits)Ce nu se invata la scoala – Tipuri si tehnici spam/Hi5 (4) in Uncategorized (2 Visits)yahoo.com SQL Injection, XSS [se intampla si la case mari] in XSS (220 Visits)Emiii, Florineee – xss in eok.ro (IAR) in XSS (173 Visits)Mailuri periculoase [...]

    Leave a Reply

    Studio videochat bucuresti Studio videochat Bucuresti
    Download Muzica Filme
    Studio videochat Iasi videochat Iasi