Reflected XSS on www.yahoo.com

Samuel
Aug 12, 2017 · 1 min read

Hello guys, my name is Samuel. I’m a bug hunter from Chile, and this is my first post about bug bounty programs. Today, I want to share with you an XSS which I found in the main domain of Yahoo.

I detected a Reflected XSS on this website. The vulnerable endpoint was the following:

https://www.yahoo.com/author/vulnerablendpoint

vulnerable endpoint

Every time I entered any text, it was reflected on the website. After adding the payload, I saw:

https://www.yahoo.com/author/"><%2fscript><script>alert(document.domain)<%2fscript>

The simple payload was working.

I managed to notice the presence of the vulnerability; now I share the simple payload that I used. Finally, I share the video that I made about this vulnerability.
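The payload above is shaped to close an attribute value (`">`) and an inline script block (`</script>`), so the fix is output encoding chosen per context. The following is an added example, not code from the original post or from Yahoo: it contrasts a hypothetical template that concatenates the path segment with one that encodes it, and the markup and all function names are assumptions.

```javascript
// Added example: templates, markup and names are assumptions, not Yahoo's code.

// Decoded form of the path segment from the URL shown in the post.
const segment = decodeURIComponent(
  '"><%2fscript><script>alert(document.domain)<%2fscript>');

// Unsafe: the value is concatenated into an attribute and an inline script.
function renderUnsafe(author) {
  return '<a href="/author/' + author + '">profile</a>\n' +
         '<script>var author = "' + author + '";</script>';
}

// HTML text/attribute context: encode characters that end the value or open a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Script context: JSON.stringify quotes the string; escaping <, >, & and
// U+2028/U+2029 keeps "</script>" from terminating the block.
function escapeForScript(s) {
  return JSON.stringify(String(s)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Safe: URL-encode for the href path, then HTML-escape; script-escape in the script.
function renderSafe(author) {
  return '<a href="/author/' + escapeHtml(encodeURIComponent(author)) + '">profile</a>\n' +
         '<script>var author = ' + escapeForScript(author) + ';</script>';
}

// True if the markup contains a script element whose body is the injected call.
function hasInjectedScript(html) {
  return /<script>alert\(document\.domain\)<\/script>/i.test(html);
}

console.log('unsafe template injectable:', hasInjectedScript(renderUnsafe(segment)));
console.log('safe template injectable:  ', hasInjectedScript(renderSafe(segment)));
```

The script-context literal still decodes to the original string at runtime, so the page can display the author name as text without the browser ever parsing it as markup.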

Timeline

  • July 20 — I sent the report
  • July 20 — Triaged
  • July 23 — Resolved
  • August 8 — Bounty for me :D

Thanks

@saamux
