Feb 26, 2019

[Still work] Redirect Yahoo Subdomain XSS Reflected from americangreetings.com

Advertisement





Bug Type : Reflected XSS
Affected Site : americangreetings.com 
Yahoo Subdomain : greetings.yahoo.com


Description 
I've reported this to yahoo and Greeting but was marked as infromative 
so they don't mind to disclose it.

This XSS  still work 

I've found that yahoo subdomain greetings.yahoo.com can be redirect to any path americangreetings.com 

So I tried to get a reflected XSS at americangreetings.com in paths

The XSS was affected this path 
/search-results/{xss payload}

************************************
Suggested fix to yahoo was
to make fix like 
greetings.yahoo.ca
it redirect only to site home only 

***************************************

Poc link : 

http://greetings.yahoo.com/search-results/'"--><Details Open OnToggle=confirm`Haron`>

https://www.americangreetings.com/search-results/'%22--%3e%3cDetails%20Open%20OnToggle=confirm%60Haron%60%3e


*************************************


Share This
Latest
Next Post

Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student

0 comments: