Hello everyone, my name is Bernardo and I’m from Chile. This time I bring you a bug (IDOR) that I found in Yahoo that allows you to remove any comment on the website.
I found this vulnerability on a page at https://*.yahoo.com where users commented on and evaluated a product from that website, so I started to look at the users' comments and evaluations on the website and found the following surprise.
Id = my own
id = user
And the surprise appeared: the comment of that user was deleted.
my face when this happened
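The post does not show the request or the server code, so the following is an added illustration (not Yahoo's code and not from the author) of the class of bug described: a delete handler that trusts a client-supplied comment id, next to one that checks ownership against the session. The class, method names and sample data are all assumptions constructed for the example.

```python
# Added illustration; not Yahoo's code. All names and data are constructed.
from dataclasses import dataclass


@dataclass
class Comment:
    comment_id: int
    owner_id: str
    text: str


class CommentStore:
    def __init__(self, comments):
        self._by_id = {c.comment_id: c for c in comments}
        self.audit = []  # denied cross-user attempts, kept for detection

    def exists(self, comment_id):
        return comment_id in self._by_id

    def delete_vulnerable(self, session_user, comment_id):
        """IDOR: checks that the caller is logged in, not whose comment it is."""
        if session_user is None:
            return 401
        if self._by_id.pop(comment_id, None) is None:
            return 404
        return 204

    def delete_checked(self, session_user, comment_id):
        """Object-level authorization: the owner is read from the stored record."""
        if session_user is None:
            return 401
        comment = self._by_id.get(comment_id)
        if comment is None:
            return 404
        if comment.owner_id != session_user:
            # Same 404 as "missing" so ids cannot be probed; log the attempt.
            self.audit.append((session_user, comment_id))
            return 404
        del self._by_id[comment_id]
        return 204


def sample_store():
    # Constructed sample data: two users, one comment each.
    return CommentStore([
        Comment(101, "alice", "Great product"),
        Comment(102, "bob", "Arrived late"),
    ])
```

The audit list is the detection hook: repeated entries from one session against ids it does not own are the signal to alert on.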
Thanks for reading this post.
bug bounty yahoo reward
and swag yahoo :D
My data: https://twitter.com/bada_77