Re: [FD] Yahoo! hacked on October 5, 2014...

2014-10-08 Thread illwill
http://www.wired.com/2014/10/shellshockresearcher/

On 10/7/2014 3:42 PM, Pål Nilsen wrote:
> I guess this is related?: https://news.ycombinator.com/item?id=8416393
> On 7 Oct 2014 20:51, "Jonathan Hall" wrote:
>
>> I submitted to Yahoo! earlier some documentation detailing both the
>> "shellshock

Re: [FD] Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)

2014-04-29 Thread Illwill
What circumstance would a WordPress admin not usually have this kind of access anyhow? Why the delay in discovery til reporting?

On April 29, 2014 6:32:01 AM EDT, dxw Security wrote:
>Details
>
>Software: File Gallery
>Version: 1.7.7,1.7.9
>Homepage: http://wordpress.org/plugins/

Re: [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction

2014-04-03 Thread illwill
did you know the second section of the filename is the user's actual facebook user id?

6549_*16544614736*_44875_n.jpg
https://www.facebook.com/profile.php?id=*16544614736 *

-illwill
illw...@illmob.org
http://illmob.org

On 4/1/2014 5:59 AM, Bipin Gautam wrote:
> Hi List,
>