Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Yahoo Bug Bounty Program Vulnerability #2 Open Redirect
From: "Kenneth F. Belva" <full-disclosure () silverbackventuresllc com>
Date: Sat, 11 Jan 2014 18:59:23 -0500

Just as an FYI, I also reported this exact bug to Yahoo! in November on
11/21/2013 as part of the BugBash at OWASP AppSecUSA 2013 through
BugCrowd, prior to your December 13th disclosure date to Yahoo.

As part of my discussions with Yahoo! Security on this issue I was told
that it was reported to them before my 11/21/13 disclosure.

It is currently not fixed and, in the interest of responsible
disclosure, I did not wish to make it public until the appropriate time.

Ken


On 01/11/2014 05:40 PM, Stefan Schurtz wrote:
Advisory:             Yahoo Bug Bounty Program Vulnerability #2 Open Redirect
Advisory ID:          SSCHADV2013-YahooBB-002 
Author:                       Stefan Schurtz
Affected Software:    Successfully tested on ads.yahoo.com
Vendor URL:           http://yahoo.com
Vendor Status:                informed

==========================
Vulnerability Description
==========================

The 'piggyback'-Parameter on "http://ads.yahoo.com"; is prone to an Open
Redirect

==========================
PoC-Exploit
==========================

http://ads.yahoo.com/pixel?id=2454131&t=2&piggyback=http%3a//www.google.de&_msig=10r7s21mt&rmxbkn=26&_cbv=187571889

==========================
Solution
==========================

-

==========================
Disclosure Timeline
==========================

13-Dec-2013 - vendor informed by contact form (Yahoo Bug Bounty Program)
31-Dec-2013 - next message to the Yahoo Security Contact
04-Jan-2014 - feedback from vendor
04-Jan-2014 - vendor informed again about the three vulnerabilities
06-Jan-2014 - Feedback from vendor - Open redirects are no longer in
scope of the Bug Bounty program

==========================
Credits
==========================

Vulnerability found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://yahoo.com
http://www.darksecurity.de/advisories/BugBounty2013/yahoo/SSCHADV2013-YahooBB-002.tx



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]