Re: ITTS012008 - YAHOO WEB MAIL URL REDIR
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 21 Sep 2008 17:33:00 +1200
Martin Fallon wrote:
VI - CHRONOLOGY
09/09/2008 - Vulnerability Discovered.
09/10/2008 - Attempt to contact Yahoo - no success.
09/11/2008 - Attempt to contact Yahoo - no success.
09/15/2008 - Attempt to contact Yahoo - no success.
09/20/2008 - Advisory Published.
Sometimes I wonder why we bother...
This has been used in the past (and maybe even to phish Yahoo -- not sure
And reported thusly.
Maybe Yahoo just doesn't care? They fixed this same redirector issue on
other Yahoo sub-domains, but missed (or chose not to fix it on) the
The gibbons in their web dev teams must be seriously underpaid, or just
The Yahoo! security wonks who got this fixed on the other sub-domains
back in February will be a tad pissed at the gibbons for missing this
instance though, I suspect...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/