SheLLniX
26-08-2009, 09:38 AM
A greyhat hacker has discovered a critical SQL injection vulnerability in Yahoo! Local Neighbors discussion board website. The flaw can be used to read information about administrative and user accounts or upload a shell on the server.
Neighbors is a Yahoo! Local feature launched at the end of 2007 with the purpose of providing a place for people to exchange information about events happening in their local communities and other useful info. Yahoo! describes the site as a "practical discussion board for any topic - from neighborhood safety to contractor recommendations."
http://pic.citec.us/out.php/i17731_YahooLocalHacked3.jpg
Info
http://news.softpedia.com/news/Yahoo-Local-Hacked-120044.shtml
Neighbors is a Yahoo! Local feature launched at the end of 2007 with the purpose of providing a place for people to exchange information about events happening in their local communities and other useful info. Yahoo! describes the site as a "practical discussion board for any topic - from neighborhood safety to contractor recommendations."
http://pic.citec.us/out.php/i17731_YahooLocalHacked3.jpg
Info
http://news.softpedia.com/news/Yahoo-Local-Hacked-120044.shtml