mailing list archives
Re: Skype account + IM history hijack vulnerability
From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Thu, 15 Nov 2012 16:45:29 +1300
See into the future?
Padding oracle attacks?
Oracle SQL injections?
(Don't get too tied up in the crypto stuff in that article.)
klondike's point is that simply monitoring the response of the "user X
wants to change their password" web-form tells you whether there is, in
fact, a user named "X" on the system. That's kinda obvious from the
bash script klondike provided, and I don't do bash...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Skype account + IM history hijack vulnerability Jeffrey Walton (Nov 19)