Yahoo Authentication Bypass with Add/Edit/Upload + Full Path Disclosure + MySQL Credentials

Hello,
This write-up will cover how I bypassed one of Yahoo’s log-in pages with a sample trick. Even though I had decided to not write anything about this report (since it was out of scope), but a few people wanted to see the trick and I thought It would be a great thing to share with everyone else. (So please don’t bother to mention it’s out of scope and carry on with the post)

Yahoo SQL Injection!

Hello everyone,

After my LFI and RCE reports I decided to focus on another type of attack. After reading Jordan Milne’s report on HK promotions, he pointed “It’s a good place to look because it has lots of PHP scripts and Flash, it looks like it wasn’t done by Yahoo’s core devs, and most auditors aren’t looking there since its content is mostly in Chinese”. Indeed! So I decided to expand on these domains and started to poke around the following URL and was able to make 5 different reports with 8 vulnerable files.