Yahoo SQL Injection!

Hello everyone,

After my LFI and RCE reports I decided to focus on another type of attack. After reading Jordan Milne’s report on HK promotions, he pointed “It’s a good place to look because it has lots of PHP scripts and Flash, it looks like it wasn’t done by Yahoo’s core devs, and most auditors aren’t looking there since its content is mostly in Chinese”. Indeed! So I decided to expand on these domains and started to poke around the following URL and was able to make 5 different reports with 8 vulnerable files.

Continue reading