More proof that web apps are impossible to secure. Great++ response from the Yahoo sec team though (10k reward): https://klikki.fi/adv/yahoo.html
@attrc finds random admin panel on public server, logs in with "admin/admin", uploads php shell and uses it to get command exec
@attrc I also reported a bug chain to Yahoo on 2014-03-02, first response 2014-04-09, one bug fixed 2014-12-18 by adding X-Frame-Options
@attrc it's nice that they didn't need months to fix a critical XSS, but I don't see what's "Great++" about 11 days response time