Hello everyone. Recently I was analyzing an XSS vulnerability on one of Yahoo’s subdomains, where I decided to also analyze the HTTP headers. While doing so I came across the admin login page on (hk.yahoo.net), due to the fact that the search was being posted to the search module from the admin panel. Well, that’s not the best part!
I have recently reported a directory traversal to Yahoo! that I’d like to share with everyone. As I was roaming around the health.yahoo.com website (which redirects to health.yahoo.net), I came across the following link: