Message-ID: <44232D0C.6070200@sec-consult.com>
Date: Thu Mar 23 23:21:22 2006
From: research at sec-consult.com (Bernhard Mueller)
Subject: Phun! Search
Hello,
n3td3v wrote:
> I have exploit code for this issue, which the list won't be getting
> hold of. The disclosure was to show that I can ask the slurp robot to
> cache an account on the public index,... bla,...
There's no need at all to cache anything at all.
http://mtf.news.yahoo.com/mailto?prop=mycstore&locale=us&h2=n3td3v
will give you the same result as
http://66.218.69.11/search/cache?ei=UTF-8&p=n3td3v&fr=sfp&u=mtf.news.yahoo.com/mailto%3Furl%3Dhttp%253A//e.my.yahoo.com/config/cstore%253F.opt%3Dcontent%2526.node%3D1%2526.sid%3D171771%26title%3DChoose+Content%26prop%3Dmycstore%26locale%3Dus%26h1%3Dymessenger+at+Yahoo%21+Groups%26h2%3Dn3td3v%26h3%3Dhttp%253A//my.yahoo.com&w=n3td3v&d=U5wy1m1aMbOe&icp=1&.intl=us
(your "Concept").
Sorry to tell you, but there is no vulnerability involved here (except
maybe a lame XSS, didn't try that though).
--
Bernhard