[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] SpiderOak.com - Disclousure of sensitive information

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] SpiderOak.com - Disclousure of sensitive information
From: Cosmin Maier <cosmin0maier@xxxxxxxxx>
Date: Thu, 18 Jun 2015 20:07:25 +0200

[-] Description
A malicious user can be able to bypass some of SpiderOak filters and retrieve 
sensitive information from database. Revealing system data helps an adversary 
learn about the system and form a plan of attack.

[-] Proof-of-Concept
Full report available on YouTube: http://youtu.be/R_aT4kgB3PI 
<http://youtu.be/R_aT4kgB3PI>

[-] Notes
At the time this alert was first published, SpiderOak patched vulnerability and 
customers are safe.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] CVE-2015-4453 - Authentication bypass in OpenEMR
Next by Date: [FD] Broken, Abandoned, and Forgotten Code, Part 8
Previous by thread: [FD] CVE-2015-4453 - Authentication bypass in OpenEMR
Next by thread: [FD] Broken, Abandoned, and Forgotten Code, Part 8
Index(es):
- Date
- Thread