Reflected XSS on www.yahoo.com

Hello guys, my name is Samuel. I'm a bug hunter from Chile, and this is my first post about bug bounty programs. Today I want to share with you an XSS that I found on the main domain of Yahoo.

I detected a reflected XSS on this website. The vulnerable endpoint was the following:

https://www.yahoo.com/author/vulnerablendpoint

Every time I entered any text, it was reflected on the website. After adding the payload, I saw

https://www.yahoo.com/author/"><%2fscript><script>alert(document.domain)<%2fscript>

The simple payload worked.
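
The reflection described above, reduced to a Node.js sketch as an added example (not code from the original post or from Yahoo): the `/author/<slug>` template, the function names and the two output contexts are assumptions, and the sample path is the one shown in the post. It puts the unencoded rendering beside a context-aware encoded one.

```javascript
// Hypothetical /author/<slug> renderer; template and names are assumptions.
// Path taken from the post above.
const SAMPLE_PATH = '/author/"><%2fscript><script>alert(document.domain)<%2fscript>';

// Decode the path segment the way a web framework would before templating.
function slugFromPath(path) {
  const raw = path.replace(/^\/author\//, '');
  try {
    return decodeURIComponent(raw);
  } catch {
    return raw; // malformed percent-encoding: keep the raw text
  }
}

// Vulnerable: the decoded slug is concatenated into both contexts unchanged.
function renderUnsafe(slug) {
  return `<input name="author" value="${slug}">\n` +
         `<script>var author = "${slug}";</script>`;
}

// HTML attribute/text context: encode the markup-significant characters.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Inline <script> context: JSON-encode the string, then escape characters
// that could close the script block or break the line.
function escapeForScript(s) {
  return JSON.stringify(s).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened: each context gets its own encoder.
function renderSafe(slug) {
  return `<input name="author" value="${escapeHtml(slug)}">\n` +
         `<script>var author = ${escapeForScript(slug)};</script>`;
}

// Count occurrences of a substring, used to check how many <script tags exist.
function count(haystack, needle) {
  return haystack.split(needle).length - 1;
}

const slug = slugFromPath(SAMPLE_PATH);
console.log('unsafe <script tags:', count(renderUnsafe(slug), '<script'));
console.log('safe   <script tags:', count(renderSafe(slug), '<script'));
```

Only the template's own `<script>` tag survives in the hardened output, and the encoded string still decodes to the original slug, so the page can display it without executing it.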

I managed to notice the presence of the vulnerability; now I am sharing the simple payload that I used. Finally, I am sharing the video that I made about this vulnerability.

Timeline

  • July 20 — I sent the report
  • July 20 — Triaged
  • July 23 — Resolved
  • August 8 — Bounty for me :D

Thanks

@saamux