
Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking



On 10/7/2011 12:30 PM, xD 0x41 wrote:
Hi,
Another security expert... sheesh... and they cannot do the simplest of tasks, makes me wonder really how they get anything at all coded, but then again I doubt there is code... I bet they're all some persistent xss etc... which would req some fuzz tool... well, certainly see better people like kcope who does not call himself any senior security, yet has made many remote exploits, and he posts them in his <body> so, it should be I think put in the email body, responsibly that is. That would be good to have but since every company takes ITsec so differently, I know MS and Google have great disclosure policies, but this is supposed to be on their end, not ours... so I guess it's another good question.
cheers
xd



On 8 October 2011 06:25, Peter Dawson <slash.pd@xxxxxxxxx> wrote:

    if I get it right this dude is supposed to be "

      * Senior Security Analyst at iViZ Techno Solutions Pvt. Ltd.
        
<http://www.linkedin.com/company/iviz-techno-solutions-pvt.-ltd.?trk=ppro_cprof>


    Whatever happened to protocols for responsible disclosure?

    On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41 <secn3t@xxxxxxxxx> wrote:

        Screw you dude, attaching executable doc files, and then
        pushing out a few *0days*
        I won't be looking at *any* thing attached as a doc, that's just
        common sense nowadays, and there is abs NO need on this list
        for it, it is FD, you're meant to put it in the BODY of email,
        or at least maybe next time, change the type to linux 0day and
        attach .S file... ??
        screw u and ur advisories, fix them into proper order as in
        written as any would be, and I'll read it, but never ask a dood
        to open the attachment!




        On 7 October 2011 22:48, asish agarwalla
        <asishagarwalla@xxxxxxxxx> wrote:

            Hi,

            LinkedIn_User Account Delete using Click jacking.

            This vulnerability is accepted by LinkedIn; they are in the
            process of patching it, but it is not yet patched.

            Please find the document describing the vulnerability.

            Regards
            Asish

            _______________________________________________
            Full-Disclosure - We believe in it.
            Charter: http://lists.grok.org.uk/full-disclosure-charter.html
            Hosted and sponsored by Secunia - http://secunia.com/









The document appears to be password protected as well. I've tried to open it in a VM and it prompts for a password.