This write-up will cover how I bypassed one of Yahoo’s log-in pages with a sample trick. Even though I had decided to not write anything about this report (since it was out of scope), but a few people wanted to see the trick and I thought It would be a great thing to share with everyone else. (So please don’t bother to mention it’s out of scope and carry on with the post)
Today I will be writing about my experience with PayPal’s Bug Bounty Program and how I was able to discover a Remote Code Execution on one of their branded websites.
After my LFI and RCE reports I decided to focus on another type of attack. After reading Jordan Milne’s report on HK promotions, he pointed “It’s a good place to look because it has lots of PHP scripts and Flash, it looks like it wasn’t done by Yahoo’s core devs, and most auditors aren’t looking there since its content is mostly in Chinese”. Indeed! So I decided to expand on these domains and started to poke around the following URL and was able to make 5 different reports with 8 vulnerable files.
Hello Everyone, Recently I was analyzing an XSS vulnerability on one of Yahoo’s Subdomains where I decided to also analyze the HTTP Headers. While doing so I came across the admin login page on (hk.yahoo.net), due to the fact that the search was being posted to search module from the admin panel. Well that’s not the best part!
I have recently reported a Directory Traversal to Yahoo! that I’d like to share with everyone. As I was roaming around the health.yahoo.com website (which redirects to health.yahoo.net). I came across the following link: