More proof that web apps are impossible to secure. Great++ response from the Yahoo sec team though (10k reward): https://klikki.fi/adv/yahoo.html
@attrc I'd say it shows that sanitization should at least parse, sanitize the DOM and stringify to well-formed data instead of string-based
@attrc have you seen some of the Yahoo bug reports on hackerone? this is just ridiculous. https://web.archive.org/web/20140401014825/https://hackerone.com/reports/2127 …
@attrc finds random admin panel on public server, logs in with "admin/admin", uploads php shell and uses it to get command exec
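The parse-then-serialize approach suggested above, as an added example that is not code from the thread or from the Yahoo advisory: the input is tokenized by Python's html.parser, unknown tags and event-handler attributes are dropped, script bodies are discarded, and the output is re-emitted with balanced tags, so malformed input still yields well-formed markup. The allowlist of tags and attributes is an assumption chosen for the example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this example; a real policy depends on the application.
ALLOWED_TAGS = {"b", "i", "p", "a", "ul", "li"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://")
RAW_TEXT_TAGS = {"script", "style"}  # their text content must be dropped too


class DomSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []    # serialized output fragments
        self.open = []   # stack of tags we emitted, so every one gets closed
        self.skip = 0    # >0 while inside a dropped raw-text element

    def handle_starttag(self, tag, attrs):
        if self.skip or tag not in ALLOWED_TAGS:
            if tag in RAW_TEXT_TAGS:
                self.skip += 1
            return  # unknown element: keep its text, drop the tag itself
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue  # drops onclick=, style=, and anything not allowlisted
            if name == "href" and not value.lower().startswith(SAFE_SCHEMES):
                continue  # only http(s) links survive
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open.append(tag)

    def handle_endtag(self, tag):
        if self.skip:
            if tag in RAW_TEXT_TAGS:
                self.skip -= 1
            return
        if tag in self.open:  # close everything opened after it, keeping nesting valid
            while self.open:
                closed = self.open.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is re-escaped on output

    def result(self):
        while self.open:  # close tags the input left open
            self.out.append(f"</{self.open.pop()}>")
        return "".join(self.out)


def sanitize(html):
    s = DomSanitizer()
    s.feed(html)
    s.close()
    return s.result()
```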