| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Dec 2014 11:45:48 +0800 From: Jing Wang <justqdjing@...il.com> To: fulldisclosure@...lists.org Subject: [FD] Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities *Yahoo Yahoo.com Yahoo.co.jp <http://Yahoo.co.jp> Open Redirect Security Vulnerabilities* Though Yahoo lists open redirect vulnerability on its bug bounty program. However, it seems Yahoo do not take this vulnerability seriously at all. Multiple Open Redirect vulnerabilities were reported Yahoo. All Yahoo's responses were "this intended behavior". However, these vulnerabilities were patched later. Several other security researcher complained about getting similar treatment, too. http://seclists.org/fulldisclosure/2013/Nov/198 http://seclists.org/fulldisclosure/2014/Jan/51 http://seclists.org/fulldisclosure/2014/Feb/119 All Open Redirect Vulnerabilities are intended behavior? If so, why patch them later? The vulnerability can be attacked without user login. Tests were performed on Firefox (33.0) in Ubuntu (14.04) and IE (10.0.9200.16521 ) in Windows 8. *(1) Yahoo.com Open Redirect* *Vulnerable URLs:* http://p2.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://help.yahoo.com/help/us/local/index.html http://p3.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com http://p4.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com *Poc Video:* https://www.youtube.com/watch?v=k4eFLsTyZkg *Another Video Published Before:* https://www.youtube.com/watch?v=GTd1Gkj6OUY *Blog:* http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-open-redirect-security.html http://securityrelated.blogspot.com/2014/10/yahoo-open-redirect-vulnerability.html *(2) Yahoo.co.jp <http://Yahoo.co.jp> Open Redirect* Use one of webpages for the following tests. The webpage address is " http://www.inzeed.com/kaleidoscope". Suppose that this webpage is malicious. *Vulnerable URL:* http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030344&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http%3A%2F%2Fshopping.yahoo.co.jp *POC:* http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030330&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http://www.inzeed.com/kaleidoscope *Poc Video:* https://www.youtube.com/watch?v=2SM78WKAVr8&feature=youtu.be *Blog:* http://securityrelated.blogspot.com/2014/12/yahoo-yahoocojp-open-redirect-security.html Reported by: Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore http://www.tetraph.com/wangjing *Blog Details:* http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists