Monday, August 31, 2009

Yahoo! Local Hacked: Vulnerable to SQL Injection and Cross-Site Scripting (XSS)

The hacker who discovered the vulnerability goes by the online nickname "Unu" and had previously uncovered similar vulnerabilities in other high-profile websites. He notes that, despite having found SQL injection and cross-site scripting (XSS) vulnerabilities in Yahoo! websites before, this is the first time he has encountered a MySQL 5 server being used by the company.

The screenshots provided by the hacker reveal the databases available on the server, as well as the users with access to them. While connections with the "root" account can only be established from local IP addresses owned by Yahoo!, Unu points out that an account called "reply_mon" can be used to access the databases from any host.


Seen at

1 comment:

d3m4s1@d0v1v0 said...

Oh, how lovely!
This shows that nobody is safe, and that mistakes are made everywhere... now, it is pretty ugly that sites like Yahoo still suffer from SQL injection and XSS