Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

[Laurelai <laurelai@xxxxxxxxxxxx>]

On 10/7/2011 12:30 PM, xD 0x41 wrote:
> Hi,
> Another security expert... sheesh... and they cannot do simplest of 
> tasks, makes me wonder really how do they get anything atall coded, 
> but then again i doubt there is code... I bet theyre all some 
> persistent xss etc... wich would req some fuzz tool... well, 
> cewrtainly see better people like kcope who does not call himself any 
> senior security, yet has made many of remote exploits, and he posts 
> them in his <body> so, it should be i think put in the email-bdy, 
> responsibly that is.
> That would be good to have but since everyone company takes ITsec so 
> differently, i know MS and Google have great disclosure policies, but 
> this is supposed to be on theyre end, not ours... so i guess its 
> another good question.
> cheers
> xd
>
>
>
> On 8 October 2011 06:25, Peter Dawson <slash.pd@xxxxxxxxx 
> <mailto:slash.pd@xxxxxxxxx>> wrote:
>
>     if I get it right this dude is supposed to be "
>
>       * Senior Security Analyst at iViZ Techno Solutions Pvt. Ltd.
>         
> <http://www.linkedin.com/company/iviz-techno-solutions-pvt.-ltd.?trk=ppro_cprof>
>
>
>     Whatever happened  on protocol's for  responsible disclosure ?
>
>     On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41 <secn3t@xxxxxxxxx
>     <mailto:secn3t@xxxxxxxxx>> wrote:
>
>         Screw you dude, attaching executable doc files , and then
>         pushing out a few *0days*
>         I wont be looking at *any* thing attached as a doc, thats just
>         common sense. nowdays, and there is abs NO need on this list
>         for it, it is FD, your meant to put it in the BODY of email,
>         or atleast maybe next time, change the type to linux 0day and
>         attach .S file... ??
>         screw u and ur advisorys, fix them into proper order asin
>         written as any would be, and ill read it, but never ask a dood
>         to open the attachment!
>
>
>
>
>         On 7 October 2011 22:48, asish agarwalla
>         <asishagarwalla@xxxxxxxxx <mailto:asishagarwalla@xxxxxxxxx>>
>         wrote:
>
>             Hi,
>
>             LinkedIn_User Account Delete using Click jacking.
>
>             This Vulnerability is accepted by LinkedIn they are in a
>             process to patched it but not yet patched.
>
>             Please find the document describing the vulnerability.
>
>             Regards
>             Asish
>
>             _______________________________________________
>             Full-Disclosure - We believe in it.
>             Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>             Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>         _______________________________________________
>         Full-Disclosure - We believe in it.
>         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>         Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Ok ive gotten it open in a disposable vm and extracted out all the info, 
ive converted it into its component images and an html file that had the 
text of the document,  located here.

http://ge.tt/9XUyZY8

no password.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/