XSS in Yahoo Subdomain - Mohamed Haron

Mohamed Haron

This Personal Blog about Security and Writes-Up

Apr 1, 2018

XSS in Yahoo Subdomain

 Flash XSS in Subdomain ( https://yef.grants.yahoo.com )

Hello everyone This is my first Blog 
about find an XSS in Yahoo 

Sure Its hard to Get an XSS in Yahoo.com 
So I started in the Subdomians 

I've found this Small Bug :) 
 Yui  Version 3.5.1  on this Subdomian 
and it have XSS Vulnerability in flash files

The Bug was reported about  5 months ago 
The fix they removed this subdomain


Payload :

POC :  https://yef.grants.yahoo.com/yef/lib/3.5.1/build/io-xdr/io.swf?yid=/%22))%3B%7Dcatch(e)%7Balert(document.cookie)%3B%7D// 

Reward : 600$

No comments:

Post a Comment