More proof that web apps are impossible to secure. Great++ response from the Yahoo sec team though (10k reward): https://klikki.fi/adv/yahoo.html
@attrc have you seen some of the Yahoo bug reports on hackerone? this is just ridiculous. https://web.archive.org/web/20140401014825/https://hackerone.com/reports/2127 …
-
-
@attrc finds random admin panel on public server, logs in with "admin/admin", uploads php shell and uses it to get command exec -
@attrc I also reported a bug chain to Yahoo on 2014-03-02, first response 2014-04-09, one bug fixed 2014-12-18 by adding X-Frame-Options - 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.