Full Disclosure mailing list archives
Re: yahoo open redirect vulnerability full disclosur
From: Ronny Vasquez <ronny.vasquezgt () gmail com>
Date: Thu, 13 Feb 2014 08:35:10 -0600
Hi, Works with an Add url that's not expire, when the add is replaced with another one the exploit don't work, but nice vulnerability that you find. On Wed, Feb 12, 2014 at 10:04 AM, Jing Wang <justqdjing () gmail com> wrote:
Dear Sir/Madam, I am a student from NTU, Singapore. My name is Wang Jing. I just found a yahoo open redirect vulnerability and reported it to yahoo 10 days ago. However, yahoo did nothing about it. The following is full disclosure. Attachment is prove of concept video. And the link below is poc video I just posted on youtube. http://www.youtube.com/watch?v=GTd1Gkj6OUY&feature=youtu.be I just found one open url redirection vulnerability in yahoo. This attacks doesn't even need users to login yahoo. My test is on all browsers in all computer systems. I use "poc of exploit" to denote that url redirection works. Now I will use a website just built by me for the following tests. The website is "http://www.tetraph.com". We can think this website is malicious, because it is fully under my control. vulnerable url: http://ads.yahoo.com/clk?3,eJyti18LgjAUxb-QD246p4we5t8UZw0W4d50mKGGEYXZp09N.AT94J5zLvceYBCF9UtV2QgrZakSlgSYhrKLElVloemEEAPbEJuOhTQ6k0nIB789R9Rd9tToJV2pp3Frb8lHe9Z9cD-8KP-d3yxz6F.wnITGa56847z2B9qH1mMMmLu9RTHKxQlKkTSpqEEu6JOJsGMjuLKPbFPR3aQvGyZiJP0W5Hxr7jRN.wKrBU.A,http%3A%2F%2Fwww.facebook.com%2Fcampaign%2Flanding.php%3Fcampaign_id%3D127305407328718 poc exploit: http://ads.yahoo.com/clk?3,eJyti18LgjAUxb-QD246p4we5t8UZw0W4d50mKGGEYXZp09N.AT94J5zLvceYBCF9UtV2QgrZakSlgSYhrKLElVloemEEAPbEJuOhTQ6k0nIB789R9Rd9tToJV2pp3Frb8lHe9Z9cD-8KP-d3yxz6F.wnITGa56847z2B9qH1mMMmLu9RTHKxQlKkTSpqEEu6JOJsGMjuLKPbFPR3aQvGyZiJP0W5Hxr7jRN.wKrBU.A,http%3A%2F%2Fwww.google.com http://ads.yahoo.com/clk?3,eJyti18LgjAUxb-QD246p4we5t8UZw0W4d50mKGGEYXZp09N.AT94J5zLvceYBCF9UtV2QgrZakSlgSYhrKLElVloemEEAPbEJuOhTQ6k0nIB789R9Rd9tToJV2pp3Frb8lHe9Z9cD-8KP-d3yxz6F.wnITGa56847z2B9qH1mMMmLu9RTHKxQlKkTSpqEEu6JOJsGMjuLKPbFPR3aQvGyZiJP0W5Hxr7jRN.wKrBU.A,http%3A%2F%2Fwww.tetraph.com poc video: http://www.youtube.com/watch?v=GTd1Gkj6OUY&feature=youtu.be _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Atentamente, Ronny Vasquez IT Security Advisor.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- yahoo open redirect vulnerability full disclosur Jing Wang (Feb 12)
- Re: yahoo open redirect vulnerability full disclosur Ronny Vasquez (Feb 14)