A greyhat hacker has discovered a critical SQL injection vulnerability in Yahoo! Local Neighbors discussion board website. The flaw can be used to read information about administrative and user accounts or upload a shell on the server.

Neighbors is a Yahoo! Local feature launched at the end of 2007 with the purpose of providing a place for people to exchange information about events happening in their local communities and other useful info. Yahoo! describes the site as a "practical discussion board for any topic - from neighborhood safety to contractor recommendations."



Info
http://news.softpedia.com/news/Yahoo...d-120044.shtml