Yahoo Bug Bounty Program Vulnerability #2 Open Redirect
In Dec ’13 I reported an Open Redirect (and two other vulnerabilities, the first in Nov ’13) to the Yahoo Bug Bounty Program. Sadly, I’ve got no response or feedback for any of these issues, so I wrote a new message to them (this time via email).
Last week they told me that Open Redirects are no longer in scope of the bug bounty program :-/
So here is my advisory for this issue:
Advisory:           Yahoo Bug Bounty Program Vulnerability #2 Open Redirect
Advisory ID:        SSCHADV2013-YahooBB-002
Author:             Stefan Schurtz
Affected Software:  Successfully tested on ads.yahoo.com
Vendor URL:
Vendor Status:      informed
======================
Vulnerability Description
======================
The 'piggyback' parameter of the tracking-pixel endpoint "http://ads.yahoo.com/pixel" is prone to an Open Redirect: the value supplied in 'piggyback' is used as the redirect target without being restricted to Yahoo hosts, so a link that starts with a trusted Yahoo domain can send the user to an arbitrary external site (typically a phishing page).
======================
PoC-Exploit
======================
http://ads.yahoo.com/pixel?id=2454131&t=2&piggyback=http%3a//www.google.de&_msig=10r7s21mt&rmxbkn=26&_cbv=187571889
Opening this URL redirects the browser to http://www.google.de, the value given in 'piggyback'.
======================
Solution
======================
-
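The advisory gives no fix. As an added example (not code from the original advisory and not Yahoo's code), here is a minimal Python model of the pixel endpoint: redirect_vulnerable reproduces the reported behaviour of following whatever 'piggyback' says, and redirect_hardened follows the target only when is_allowed_redirect accepts it. The allowlist ALLOWED_HOSTS, the function names and the fallback path "/" are assumptions; the request URL fed in is the PoC from the advisory.

```python
"""Added example: open-redirect handler modelled on the reported 'piggyback'
parameter, beside a hardened version that checks the target against an
allowlist of hosts. Allowlist, function names and fallback are assumptions."""
from urllib.parse import urlsplit, parse_qs

# PoC request from the advisory (not constructed).
POC_URL = ("http://ads.yahoo.com/pixel?id=2454131&t=2&piggyback=http%3a//www.google.de"
           "&_msig=10r7s21mt&rmxbkn=26&_cbv=187571889")

# Hypothetical allowlist: hosts this pixel endpoint may redirect to.
ALLOWED_HOSTS = {"ads.yahoo.com", "yahoo.com", "www.yahoo.com"}


def piggyback_target(request_url):
    """Return the decoded 'piggyback' value as the server would see it, or None."""
    values = parse_qs(urlsplit(request_url).query).get("piggyback")
    return values[0] if values else None


def redirect_vulnerable(request_url):
    """Models the reported behaviour: 302 to wherever 'piggyback' points."""
    target = piggyback_target(request_url)
    return None if target is None else ("302", target)


def is_allowed_redirect(target):
    """Accept only a same-site relative path or an absolute http(s) URL whose
    host is in ALLOWED_HOSTS. Rejects scheme-relative '//evil', userinfo tricks
    such as 'http://ads.yahoo.com@evil.example', and non-http schemes."""
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative path: exactly one leading '/', so '//host' and '/\host'
        # (which browsers treat as scheme-relative) are refused.
        return target.startswith("/") and not target.startswith(("//", "/\\"))
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username or parts.password:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return host in ALLOWED_HOSTS


def redirect_hardened(request_url, fallback="/"):
    """Same endpoint with the check applied; unknown targets go to fallback."""
    target = piggyback_target(request_url)
    if target is None or not is_allowed_redirect(target):
        return ("302", fallback)
    return ("302", target)


if __name__ == "__main__":
    print("vulnerable:", redirect_vulnerable(POC_URL))
    print("hardened:  ", redirect_hardened(POC_URL))
```

The check compares the parsed hostname against an exact allowlist rather than testing the string with a prefix match: a check like target.startswith("http://ads.yahoo.com") is bypassed by "http://ads.yahoo.com.evil.example" and by "http://ads.yahoo.com@evil.example", both of which the code above refuses.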
======================
Disclosure Timeline
======================
13-Dec-2013 – vendor informed by contact form (Yahoo Bug Bounty Program)
31-Dec-2013 – next message to the Yahoo Security Contact
04-Jan-2014 – feedback from vendor
04-Jan-2014 – vendor informed again about the three vulnerabilities (which still work)
06-Jan-2014 – feedback from vendor and last contact at the moment
======================
Credits
======================
Vulnerabilities found and advisory written by Stefan Schurtz.
======================
References
======================
http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2013-YahooBB-002.txt