Create a new version of paste: Pxnszw7b

Don't like ads? PRO users don't see any ads ;-)

Untitled2 sec ago
Untitled5 sec ago
Untitled5 sec ago
Untitled6 sec ago
Untitled7 sec ago
Untitled25 sec ago
Untitled11 sec ago
Untitled27 sec ago

New Paste

Hello f0lks, sorry for being late but Here comes the rain again :)
This is ViruS_HimA [From Egypt with love] :)
get in touch on adam.theruler<'at'>yahoo

First of all let me clear some points:
1- I'm one person not a group!
3- I've published only little records for Adobe and I will never use/share/sell/publish Adobe/Yahoo data/exploits anywhere, 
   Yes it's a promise.
   As i said i'm not looking to ruin anybody business, I've stopped black hat activities long time ago and will never be a black hat again.
   Why? because long time ago i started working as a security researcher and penetration tester in legal manner with legal companies, 
   so I'm not looking to ruin my career/reputation because of such activities.
   
   #Oh man you already published emails from Adobe DB, little records yes but this was illegal? it's better to report such things for
   vendors not to publish on the internet?!
   
   This is a good question.
   I'm very active vulnerability researcher, i'm  doing vulnerability researches every single minute in every single hour in every single day. 
   Because of that, i have found tens of 0days vulnerabilities in big web sites such as Adobe/Micorsoft/Yahoo/Google/Apple/Facebook and many more, 
   As I said I've stopped black hat activities long time ago, I started reporting the vulnerabilities to the vendors. 
   Google was great in fast reply and patch release. same goes with some others. But for Adobe and Yahoo they were so slow in reply 
   and fix, You know what? Yahoo never reply for my message!
   So i decided to teach both of them a hard lesson to harden them security procedures. It would make a disaster if such companies
   vulnerabilities was privately used in the underground and they never know about it! not only their customers been affected but the vendors themselves also suffer from such exploits.
   Adobe acrobat/flash, Yahoo data leak of that 400k emails, and that hotmail remote password reset vulnerabilities is an example.
   
   When i thought to teach Adobe the lesson I said to myself, if i won't publish a strong proof of concept for the vulns so i won't gain any
   trustworthy or reputation for my notes! also if i published only adobe emails so they would deny the leak and say 
   it's randomly generated emails or collected from different DB's which is not related to Adobe DB's!
   But if i leaked more emails specially if it's a critical emails like .mil they will move 10x faster for patching the vulnerabilities
   and will be forced to take better security procedures. And yes, this is what really happened!
   they investigated the case, shouted-down the vulnerable web site, Emailed me in the same day asking for vulnerability details,
   I sent them the details and they said we are working to patch it and to amendment our security!
   God dam it! such things was taking 3-4 months in the vulnerabilities i reported to them before!
   Now all this things done in only one day! now you know why i did that and that i was right in everything i did?
   
   
  Here we go for Yahoo. but this time i will publish proofs only without publishing data like in Adobe case, 
  I already gained the trustworthy I was looking for.
   
   ~ Leaks contains:
   Full files backup for one of Yahoo domains!! [Lead to full access on the server of that domain]
   Full access to "12" of Yahoo Databases!! [Lead to full access on the server of that domain]
   Reflected-XSS(Cross Site Scripting) vulnerability.
   
   Proofs:
   ~ Full files backup for one of Yahoo domains ~
   IMG1: http://tnypic.net/e5wsf.jpg
   [if removed] : http://s15.postimage.org/5y28oreor/image.jpg
   IMG2: http://tnypic.net/9v3dk.jpg
   [if removed] : http://s11.postimage.org/6frqpm2o3/image.jpg
   
   ~ An SQL Injection vulnerability in one of Yahoo domains ~
   IMG1: http://tnypic.net/t7am1.jpg
   [if removed] : http://www.m5zn.com/img/?img=7cff83cbe4970da.jpg
   Hints for DB's names: Pr***tionH**s, k*az*y << fair eh?
   
   ~ XSS(Cross Site Scripting) vulnerability ~
   IMG1: http://tnypic.net/la2va.jpg
   [if removed] : http://www.m5zn.com/img/?img=1693cee8ae3d2a4.jpg
   
   Notes: 
   1- I'm not the one on the news who is selling the Yahoo xss for 700$, you may noticed that his name is "TheHell" 
   idk why that krebsonShitz is linking me to that attack! why i don't sell things I got here? while it's awesome stuff not just XSS!!!
   2- I'm not planning to do any more leaks soon!
   Hey Yahoo! you have to think well about making Hall of fame for security researchers 
	  because this will get you much reports for your vulnerabilities.(just a suggestion!)
	  
   Always be proactive not reactive in safeguarding your critical data.
   ~ By ViruS_HimA ~
   
   ~ Shoots:
   Big shoots for (WZ) davai davai moy drog :P
   BlueKaizen Team specially Mo3tz :) << Couldn't to attend this year but heard it R0xed like a charm!
   Synabse Team Specially Obzy & Sud0 :P

Optional Paste Settings

Syntax Highlighting:

Paste Expiration:

Paste Exposure:

Paste Name / Title:

Hello Guest
Sign Up or Login

You are currently not logged in, this means you can not edit or delete anything you paste. Sign Up or Login

Pastebin.com Tools & Applications

iPhone/iPad

Windows

Firefox

Chrome

WebOS

Android

Mac

Opera

Click.to

UNIX

WinPhone