|
Full Disclosure
mailing list archives
Re: Skype account + IM history hijack vulnerability
From: Benji <me () b3nji com>
Date: Thu, 15 Nov 2012 08:48:25 +0000
Also thank you for posting a link to a well known reference, that was super appreciated.
Next time link something like OWASP, at least most whitehats don't laugh at them so you gain more credibility.
Sent from my iPhone
On 15 Nov 2012, at 03:45, "Nick FitzGerald" <nick () virus-l demon co uk> wrote:
Benji wrote:
Oracle attacks?
See into the future?
Padding oracle attacks?
Oracle SQL injections?
You noobs...
http://www.drdobbs.com/understanding-oracle-attacks-on-informat/184405917
(Don't get too tied up in the crypto stuff in that article.)
klondike's point is that simply monitoring the response of the "user X
wants to change their password" web-form tells you whether there is, in
fact, a user named "X" on the system. That's kinda obvious from the
bash script klondike provided, and I don't do bash...
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: **VL-JUNK** Re: Skype account + IM history hijack vulnerability, (continued)
Re: Skype account + IM history hijack vulnerability Jeffrey Walton (Nov 19)
| 
