lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Jan 2014 18:59:23 -0500
From: "Kenneth F. Belva" <full-disclosure@...verbackventuresllc.com>
To: full-disclosure@...ts.grok.org.uk
Cc: security@...oo-inc.com, Bugcrowd <support@...crowd.com>
Subject: Re: Yahoo Bug Bounty Program Vulnerability #2
 Open Redirect

Just as an FYI, I also reported this exact bug to Yahoo! in November on
11/21/2013 as part of the BugBash at OWASP AppSecUSA 2013 through
BugCrowd, prior to your December 13th disclosure date to Yahoo.

As part of my discussions with Yahoo! Security on this issue I was told
that it was reported to them before my 11/21/13 disclosure.

It is currently not fixed and, in the interest of responsible
disclosure, I did not wish to make it public until the appropriate time.

Ken


On 01/11/2014 05:40 PM, Stefan Schurtz wrote:
> Advisory:		Yahoo Bug Bounty Program Vulnerability #2 Open Redirect
> Advisory ID:		SSCHADV2013-YahooBB-002	
> Author:			Stefan Schurtz
> Affected Software:	Successfully tested on ads.yahoo.com
> Vendor URL:		http://yahoo.com
> Vendor Status:		informed
> 
> ==========================
> Vulnerability Description
> ==========================
> 
> The 'piggyback'-Parameter on "http://ads.yahoo.com" is prone to an Open
> Redirect
> 
> ==========================
> PoC-Exploit
> ==========================
> 
> http://ads.yahoo.com/pixel?id=2454131&t=2&piggyback=http%3a//www.google.de&_msig=10r7s21mt&rmxbkn=26&_cbv=187571889
> 
> ==========================
> Solution
> ==========================
> 
> -
> 
> ==========================
> Disclosure Timeline
> ==========================
> 
> 13-Dec-2013 - vendor informed by contact form (Yahoo Bug Bounty Program)
> 31-Dec-2013 - next message to the Yahoo Security Contact
> 04-Jan-2014 - feedback from vendor
> 04-Jan-2014 - vendor informed again about the three vulnerabilities
> 06-Jan-2014 - Feedback from vendor - Open redirects are no longer in
> scope of the Bug Bounty program
> 
> ==========================
> Credits
> ==========================
> 
> Vulnerability found and advisory written by Stefan Schurtz.
> 
> ==========================
> References
> ==========================
> 
> http://yahoo.com
> http://www.darksecurity.de/advisories/BugBounty2013/yahoo/SSCHADV2013-YahooBB-002.tx
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists