lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CACrrWh+k7LtA9kpCUYdK6FkfAxuACYLZLYi+ixSHAvBp0adjjQ@mail.gmail.com>
Date: Wed, 27 Nov 2013 19:33:05 +0100
From: Robert Kugler <robert.kugler10@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Yahoo Open Redirect Vulnerability - or "Designing
	vulnerabilities"

Hello all!

I'm Robert Kugler a 17-year-old German student.

In the past I took part in a variety of bug bounty programs. I helped
Mozilla,PayPal, AVAST Software and Microsoft (to name a few) by reporting
vulnerabilities.

Now I tried to participate in Yahoo's bug bounty program and sent them a
range of discovered open redirect vulnerabilities, because they especially
state they are eligible for a bounty. I took one of the last emails from
Yahoo to show you the problem. It's not a critical vulnerability like XSS
or RCE. Nevertheless the flaw will damage Yahoo's reputation if it's abused
by spammers, because the link seems to direct the user to Yahoo's
trustworthy site.

http://bugbounty.yahoo.com/

*The vulnerability:*

http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2/Y=YAHOO/EXP=1274825933/L=YcSUjEKjqNAC2RCjS_sbeRbo0GpsAkv8MK0ACDlS/B=pFuES2KJiR0-/J=1274818733570885/K=FPiTgxmujdul0W5j.k5shQ/A=4808190/R=0/SIG=1136qnvkg/*http://www.google.com/

This link will redirect you to any site you want, phishing sites, exploit
kits etc..


*Now Yahoo's point of view:*


"Robert,
Thank you for your submission to Yahoo! We are aware of this functionality
on our site and it is working as designed. Please continue to send us
vulnerability reports!

Regards,
Yahoo Security Contact"


Designed for cybercriminals! This kind of vulnerability isn't new to
Yahoo...


"...According to E Hacking News, the cybercriminals have also leveraged a
similar vulnerability in a Yahoo domain to trick users into thinking that
the links point to a trusted website...." (07.06.2013)


http://news.softpedia.com/news/Open-Redirect-Flaw-in-CNN-Site-Abused-by-Spammers-50-Cent-Falls-for-It-359304.shtml


I hope this will change Yahoo's opinion!


Be careful & stay safe!


Robert Kugler

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ