Yahoo Remote Command Execution Vulnerability Discovered

• Jan 28, 2014

• #1

H

HardOCP News

[H] News

Joined

Dec 31, 1969

Messages

0

And you guys said Yahoo didn't have any cool features.

 

• Jan 28, 2014

• #2

B

BladeVenom

Supreme [H]ardness

Joined

Jun 29, 2005

Messages

7,707

LOL! Almost makes me want to try Yahoo.

 

• Jan 28, 2014

• #3

A

Ashbringer

Supreme [H]ardness

Joined

Jan 25, 2010

Messages

5,522

BTW, he's using Ubuntu.

 

• Jan 28, 2014

• #4

D

dyzophoria

Gawd

Joined

Jan 17, 2006

Messages

946

Was actually surprised how Yahoo handled that and thanked the person for posting the vulnerability, was expecting another "landed in jail for etc etc" theme

 

• Jan 28, 2014

• #5

E

Exavior

[H]F Junkie

Joined

Dec 13, 2005

Messages

9,700

wait you mean that isn't how you are supposed to make sites function?

 

• Jan 28, 2014

• #6

E

Exavior

[H]F Junkie

Joined

Dec 13, 2005

Messages

9,700

dyzophoria said:

Was actually surprised how Yahoo handled that and thanked the person for posting the vulnerability, was expecting another "landed in jail for etc etc" theme

Click to expand...

Actually a lot of these companies now offer rewards if you can find stuff like this. They only get pissed when you screw up their servers / services, steal information and sell it, or even post online about the issue and never tell them about it in advance.

 

• Jan 29, 2014

• #7

S

sixpac

Limp Gawd

Joined

Jun 8, 2004

Messages

272

Yahoo offers rewards and they better pay him.. he did a service to them. Ethical hacking.

 

• Jan 29, 2014

• #8

R

Rix

Limp Gawd

Joined

Jun 25, 2004

Messages

155

Well, he doesn't live in the United Corporation of America, so I doubt they could put him in jail. But from what I have seen in the past Yahoo is good about these types of things. It was nice of him to post it as opposed to sell it to the highest bidder.