Dumping Yahoo authentication secrets with an out-of-bounds read
For those wondering, this issue (referred to as YB2 or Yahoobleed #2 by the author) has already been fixed by Yahoo:
> Yahoo! fixed YB2 at the same time as YB1, by retiring ImageMagick.
FWIW, I've been very impressed with how Yahoo! handled this disclosure.
Ouch. I have a site that generates images with ImageMagick based on user input. Guess I'm off to look for details.
This is YB (Yahoobleed) #2. You might also enjoy YB #1: "*bleed continues: 18 byte file, $14k bounty, for leaking private Yahoo! Mail images": https://scarybeastsecurity.blogspot.com/2017/05/bleed-contin...
What is pointer visualization?
Neo stares at the endlessly shifting river of information, bizarre codes and equations flowing across the face of the monitor. NEO: Do you always look at it encoded? CYPHER: Have to. You have no idea what the server is running - there's way too much information to decode the Yahoo. You get used to it, though. Your brain does the translating. I don't even see the code. All I see is "pointer", "string compare", "function call". You want a drink?

Interpreting memory as an image and suspecting that the memory contains a pointer.
https://googleprojectzero.blogspot.de/2014/08/what-does-poin...
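As an added illustration of the idea in the comment above (not code from the thread or from the linked posts), the following Python script does the two things the comment describes from a defender's side: it renders a byte buffer as a greyscale PGM image so structure can be eyeballed, and it scans the same buffer for 8-byte words shaped like x86-64 user-space addresses, which is how a site owner could check whether an image pipeline's output carries uninitialized-memory residue. The sample buffer, the address-range heuristic and all function names are assumptions made for this example.

```python
import struct

# Constructed sample of what an image pipeline might emit if it copied
# uninitialized heap memory into the pixel data. Not real leaked data.
SAMPLE_OUTPUT = (
    b"\x00" * 16
    + struct.pack("<Q", 0x00007F3A1C4D2E10)  # shaped like a heap/mmap pointer
    + b"Hello"
    + b"\x00" * 3
    + struct.pack("<Q", 0x00005613A2B4C000)  # shaped like a PIE binary address
    + b"\xff" * 8
    + b"\x00" * 8
)


def looks_like_x86_64_pointer(word: int) -> bool:
    """Heuristic (assumption): a non-null, canonical user-space address on
    Linux x86-64 whose top populated byte is 0x55/0x56 (PIE image) or 0x7f
    (libraries, heap, stack under ASLR). Coarse, but good enough to flag
    memory residue in output that should contain only pixels."""
    in_user_range = 0x1000 <= word < 0x0000_8000_0000_0000
    return in_user_range and (word >> 40) in (0x55, 0x56, 0x7F)


def scan_for_pointer_like_words(data: bytes) -> list[tuple[int, int]]:
    """Slide an 8-byte little-endian window over the buffer at every byte
    offset and return (offset, value) for each pointer-shaped word."""
    hits = []
    for off in range(0, len(data) - 7):
        (word,) = struct.unpack_from("<Q", data, off)
        if looks_like_x86_64_pointer(word):
            hits.append((off, word))
    return hits


def to_pgm(data: bytes, width: int) -> bytes:
    """Render raw bytes as an 8-bit greyscale binary PGM (one byte per pixel),
    padding the last row with zeros. Open the result in any image viewer to
    see runs of zeros, ASCII text and pointer bytes as visible texture."""
    rows = -(-len(data) // width)  # ceiling division
    padded = data.ljust(rows * width, b"\x00")
    header = f"P5\n{width} {rows}\n255\n".encode()
    return header + padded


if __name__ == "__main__":
    for off, val in scan_for_pointer_like_words(SAMPLE_OUTPUT):
        print(f"offset {off:3d}: 0x{val:016x} looks like a pointer")
    with open("residue.pgm", "wb") as fh:
        fh.write(to_pgm(SAMPLE_OUTPUT, 8))
```

Running the script prints two flagged offsets and writes `residue.pgm`; a clean image buffer should produce no hits, so a non-empty hit list from your own pipeline's output is a signal to look at how the image library is being fed.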