Yahoo Remote Command Execution via Admin/Upload Bypass

Hello Everyone, Recently I was analyzing an XSS vulnerability on one of Yahoo’s Subdomains where I decided to also analyze the HTTP Headers. While doing so I came across the admin login page on (, due to the fact that the search was being posted to search module from the admin panel.  Well that’s not the best part!