Message-ID: <20070921035515.14666.qmail@securityfocus.com>
Date: 21 Sep 2007 03:55:15 -0000
From: vnn95@...oo.com
To: bugtraq@...urityfocus.com
Subject: List all the comment + entry belong to the Yahoo 360 public blog
 and more...

I found this funny result when I tried to input some miscellaneous parameters in the query string,
when I tried to click the HIGHLIGHTED POSTS in the blog but that entry no longer existed.
Dear Yahoo,
I've found a bug on your site that lets me list all the comments and all the entries belonging to the public blog. When I tried to click on the highlighted post in a blog but this entry no longer existed,
the page result was only the box for comments.
I looked at the URL address; it is like this:
http://blog.360.yahoo.com/blog-(blog user encrypted ID)?cq=1&p=
I guess the string that is encrypted in the query string is the blog user encrypted ID.
OK, so now I try to input the query string parameter like this:
http://blog.360.yahoo.com/blog-(blog user encrypted ID)?cq=2&p='

The page result is the very first entry of the blog and all the comments and entries on that blog. See the following:
http://blog.360.yahoo.com/blog-wsKfocU5b64EU9Kf5Y1GQw--?cq=2&p='

It's funny :D!
Tuan Anh Le.
