Sql Injection and XSS in Yahoo!’s services (again) |

Recent Comments

Loading....

Loading....

Apocalipsa dupa Nemessis in (103 Visits)
Ce servicii de mail folositi? in (42 Visits)
Hackersblog.org is now blog.rstcenter.com in (28 Visits)
This is the end in (28 Visits)
Short news in (23 Visits)
La multi ani România, la multi ani românilor in (23 Visits)
Azi este ziua userilor hackersblog.org in (16 Visits)
Raportare vulnerabilitati in (15 Visits)
Inca o pierdere de timp in (15 Visits)
Update in (12 Visits)
Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac? in (314 Visits)
Hi5.com coders read this in (38 Visits)
SMS scam (1) in (29 Visits)
Phishing Bancpost in (13 Visits)
Dezinformare sau proasta informare? in (12 Visits)
Si tentativele de phishing pot fi amuzante in (11 Visits)
Phishing Raiffeisen cu atasament html in (7 Visits)
Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta in (96 Visits)
[Utilitare] Suna gratis de pe internet sau de pe iPhone in (56 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (50 Visits)
Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (43 Visits)
Ce nu se invata la scoala - (D)DOS (5) in (35 Visits)
Virusi in clipuri video [how to] in (34 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (30 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (25 Visits)
Yahoo! redirects - a big issue (with video) in (16 Visits)
Ca musca in... in (13 Visits)
usa.kaspersky.com hacked ... full database acces , sql injection in (174 Visits)
Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (115 Visits)
Yahoo! epic fail - permanent xss unleashed in (91 Visits)
Telegraph.co.uk hacked, sql injection in (67 Visits)
RedTube.com ... The Free Sex Video Community in (61 Visits)
Kaspersky Thailand hacked by TinKode in (49 Visits)
Conquiztador Hacked Again in (49 Visits)
Telegraph.co.uk hacked - when will they learn? in (44 Visits)
Simona Sensual si profilul ei de hi5 in (40 Visits)
F-Secure.com - SQL Injection + Cross Site Scripting in (39 Visits)
Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (33 Visits)
Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (30 Visits)
Digital Photocopiers Loaded With Secrets in (27 Visits)
Hacker Uses XSS and Google Street View Data to Determine Physical Location in (16 Visits)
Oldies but goodies - Freedom Downtime - The Story of Kevin Mitnick in (11 Visits)
[Video] The History Of Hacking in (9 Visits)
OWASP Phishing demo in (9 Visits)
Christopher "moot" Poole: The case for anonymity online in (9 Visits)
Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (8 Visits)
Owasp5005 Part1 - New zero-day browser exploits - ClickJacking in (8 Visits)
Se poate sparge parola de Yahoo? in (348 Visits)
phpBB.ro hacked in (105 Visits)
Experiment social in (71 Visits)
Cand dorinta de afirmare depaseste granitele bunului simt - PaxNwo un leecher ordinar in (61 Visits)
Oare cum e pana la urma? in (57 Visits)
"Hot" de id-uri messenger in (53 Visits)
Concurs fara premii in (52 Visits)
Forumul Andreei Balan spart in (47 Visits)
Ce nu se invata la scoala – Vendetta (6) in (45 Visits)
Experiment social II - andimoisescu.ro in (44 Visits)

Loading....

Sql Injection and XSS in Yahoo!’s services (again)

Posted by 2fingers in English News

Posted on February 28th, 2009

In my search for an XSS I stumbled upon somethin way more interesting!

So… what is this?

And the answer is:

DB’s (extracted by E***s – name will be published upon his request) :

test
investment_game
trafficflow

Database: trafficflow

User: root@localhost

Version: 4.1.23-5b-Yahoo-SMP-log

“users” table

Column login, uid

A2OSX[cenzored]UR6IL6:1:

A3CMY[cenzored]8ZS2:2:

A2TCIF[cenzored]BVB5:3:

4:

A84TYK[cenzored]FB:5:

OLDU[cenzored]ID1:6:

A3OIU[cenzored]92QU:7:

A3QMK[cenzored]02CGN:8:

A3MA5[cenzored]WA3SY:9:

A2WDR[cenzored]ZFN7:10:

A3UJ3[cenzored]9AX:11:

A300Q[cenzored]CNSFM:12:

ADAG[cenzored]WMEPT6:16:

A2S76[cenzored]7RM0IN:17:

ABX62[cenzored]ZDMIJ:18:

AW9UY[cenzored]VS0:19:

AQ44M[cenzored]ZJWYX:20:

A2SF4D[cenzored]PE5F8:21:

AWDPC[cenzored]PGKDP:22:

A3Q07H[cenzored]EFKDL:23:

A2BHX1[cenzored]FCI7:24:

ADTW4[cenzored]LUNL:25:

A2IN2[cenzored]ITCS:26:

A1HCF7[cenzored]GSGU:27:

A1B6XP[cenzored]6RS:28:

A2RV[cenzored]IAZS:29:

A1ORRI[cenzored]HIKZ:30:

A3VV1[cenzored]FCLY3:31:

AA37JM[cenzored]2MCSZ:32:

A3F0SW[cenzored]75GPF1:33:

A1APJ8[cenzored]D9DWG:34:

AYYF7[cenzored]03AV:35:

AC7N1[cenzored]P89E:36:

A4IGPY[cenzored]P7K:37:

A356EV[cenzored]U90R:38:

A33EA[cenzored]QEOM:39:

A37I63[cenzored]4EUGF:40:

A3KEBT[cenzored]KBG:41:

A3TVB8[cenzored]3L9PK:42:

A1BVJU[cenzored]VMVF:43:

A3ES8V[cenzored]X492:44:

A3SNB[cenzored]3HQ62:45:

A3UX2F[cenzored]JCS:46:

ASW2C[cenzored]VUJJ7:47:

AGOAU[cenzored]7FV3:48:

A62K7[cenzored]EBU4:49:

A3QPKI[cenzored]02MO:50:

A3U6F7[cenzored]IZXIO:51:

ASICV1[cenzored]HP6:52:

A1X5M[cenzored]EVPB:53:

AWRA[cenzored]YR0M:54:

A3A86[cenzored]D0U3O0:55:

A3DHO[cenzored]Q2FL69:56:

AWUAA[cenzored]W65Q:57:

A1GJRN[cenzored]WIAX:58:

A38UW[cenzored]JTQT:59:

A2CIBQ[cenzored]466Q:60:

A3Q9OR[cenzored]USM1D:61:

AKYD5Y[cenzored]2C4L:62:

AITEF[cenzored]CGHK2:63:

A1C3NL[cenzored]NUEE:64:

A1SXJB[cenzored]7PXG:65:

A1UV2NU[cenzored]D0F:66:

A2ALH[cenzored]68RWIC:67:

Vulnerable path will be published after the problem is solved by Yahoo!’s tech department. And of course more images.

Thank you Bobby for forwading this issue to Yahoo!.

Don’t forget to check this too: http://blog.rstcenter.com/2008/12/08/yahoocom-sql-injection-xss-se-intampla-si-la-case-mari/

Related Posts

August 24, 2009 -- SQL Injection in Yahoo! kids website (patched)
December 8, 2008 -- Yahoo.com SQL Injection, XSS [se intampla si la case mari]
February 23, 2011 -- Concurs fara premii
August 30, 2010 -- Deface (?!?) pe Cotidianul.ro
April 21, 2010 -- France2.fr – France4.fr – in asteptarea atacului?

5 Responses to “Sql Injection and XSS in Yahoo!’s services (again)”

d3ck4 Says:
February 28th, 2009 at 8:15 am
yahoo! pWn
again..
vnsecurity.vn Says:
February 28th, 2009 at 10:00 am
wow! good job! many site of yahoo have bugs!
thew0rst Says:
February 28th, 2009 at 5:43 pm
cred ca si Pokerstars ar merita un “close look”
Alex Says:
May 15th, 2009 at 7:06 pm
what is xss url ?
can you give me
nyemplungningdalan Says:
May 19th, 2009 at 9:24 am
wow yahoo ???hehehehe

Leave a Reply

Subscribe to our Feed

N/A Subscribers (Feedburner)

Entries RSS

Comments RSS