[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CACrrWh+k7LtA9kpCUYdK6FkfAxuACYLZLYi+ixSHAvBp0adjjQ@mail.gmail.com>
Date: Wed, 27 Nov 2013 19:33:05 +0100
From: Robert Kugler <robert.kugler10@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Yahoo Open Redirect Vulnerability - or "Designing
vulnerabilities"
Hello all!
I'm Robert Kugler a 17-year-old German student.
In the past I took part in a variety of bug bounty programs. I helped
Mozilla,PayPal, AVAST Software and Microsoft (to name a few) by reporting
vulnerabilities.
Now I tried to participate in Yahoo's bug bounty program and sent them a
range of discovered open redirect vulnerabilities, because they especially
state they are eligible for a bounty. I took one of the last emails from
Yahoo to show you the problem. It's not a critical vulnerability like XSS
or RCE. Nevertheless the flaw will damage Yahoo's reputation if it's abused
by spammers, because the link seems to direct the user to Yahoo's
trustworthy site.
http://bugbounty.yahoo.com/
*The vulnerability:*
http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2/Y=YAHOO/EXP=1274825933/L=YcSUjEKjqNAC2RCjS_sbeRbo0GpsAkv8MK0ACDlS/B=pFuES2KJiR0-/J=1274818733570885/K=FPiTgxmujdul0W5j.k5shQ/A=4808190/R=0/SIG=1136qnvkg/*http://www.google.com/
This link will redirect you to any site you want, phishing sites, exploit
kits etc..
*Now Yahoo's point of view:*
"Robert,
Thank you for your submission to Yahoo! We are aware of this functionality
on our site and it is working as designed. Please continue to send us
vulnerability reports!
Regards,
Yahoo Security Contact"
Designed for cybercriminals! This kind of vulnerability isn't new to
Yahoo...
"...According to E Hacking News, the cybercriminals have also leveraged a
similar vulnerability in a Yahoo domain to trick users into thinking that
the links point to a trusted website...." (07.06.2013)
http://news.softpedia.com/news/Open-Redirect-Flaw-in-CNN-Site-Abused-by-Spammers-50-Cent-Falls-for-It-359304.shtml
I hope this will change Yahoo's opinion!
Be careful & stay safe!
Robert Kugler
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists