Follow @EthHackingNews |
The Yahoo small business platform was storing user information in a set of directories that were protected simply by obscurity. The attacker, with knowledge of the victims email, could run an wordlist against a very predictable/guessable service ID and receive information from the response in order to view the victims payment information.
Published: 2017-11-10T00:00:00
Follow @EthHackingNews |