Stored XSS in Yahoo!

Sharing is Caring :)
When we share, we open doors to a new beginning…../

Well, this is Shahzada Al Shahriar Khan. And I am from Bangladesh.
Now I am going to share how I found Stored Cross-Site Scripting (XSS) in Yahoo.

Steps to Reproduce:

Go to https://www.yahoo.com/news

Comment this payload: "><img src=x onerror=confirm(1);>

Now what? Voila! We get the famous confirm(1) to pop up! :D

I tried another payload so that I could write something in the popup box, and found this payload: <img src=x onerror=prompt(1337)>
That moment I felt like a boss!
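
The post does not describe how the comment was rendered, so the following is an added example (not the author's or Yahoo's code) that runs the two payloads above through a hypothetical comment template, once with no encoding and once with output encoding at both sinks. The names `renderCommentUnsafe` and `renderCommentSafe` and the `div`/`title` template are assumptions made for illustration.

```javascript
// Added example: hypothetical comment renderer, not Yahoo's code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can end a text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable: the stored comment is concatenated into the markup as-is,
// once inside a quoted attribute and once as element content.
function renderCommentUnsafe(comment) {
  return `<div class="comment" title="${comment}">${comment}</div>`;
}

// Hardened: same template, with output encoding applied at both sinks.
function renderCommentSafe(comment) {
  const encoded = escapeHtml(comment);
  return `<div class="comment" title="${encoded}">${encoded}</div>`;
}

// Rough stand-in for a parser: blank out quoted attribute values, then look
// for any tag that still carries an inline on*= event handler.
function hasEventHandlerTag(html) {
  const withoutQuotedValues = html.replace(/"[^"]*"/g, '""');
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(withoutQuotedValues);
}

// The two payloads quoted in the write-up, plus a benign comment (constructed).
const SAMPLES = [
  '"><img src=x onerror=confirm(1);>',
  '<img src=x onerror=prompt(1337)>',
  'Tom & Jerry said "hi" <3',
];

// Render each sample both ways and record whether an event-handler tag survives.
function audit(samples) {
  return samples.map((comment) => ({
    comment,
    unsafeInjects: hasEventHandlerTag(renderCommentUnsafe(comment)),
    safeInjects: hasEventHandlerTag(renderCommentSafe(comment)),
    safeHtml: renderCommentSafe(comment),
  }));
}

console.log(audit(SAMPLES));
```

The leading `">` in the first payload only matters in the attribute sink, which is why the quote character is encoded along with the angle brackets.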

Here is the video PoC:

Video PoC

Timeline:

31/03/2018 — Initial Report.

01/04/2018 — HackerOne staff asked for ‘Needs more info.’

01/04/2018 — More Info Submitted.

04/04/2018 — Triaged and a $300 initial bounty rewarded.

06/04/2018 — Bug Resolved.

11/04/2018 — $1700 bounty rewarded. ( Total $2000 )

Thanks for reading…./

./TheShahada

Originally published at steemit.com on April 27, 2018.
