Reflected XSS on www.yahoo.com
Hello guys, my name is Samuel I’m a bug hunter from Chile, it’s my first post about bug bounty programs. Today, I want to share with you a XSS which I found in main domain of Yahoo.
I have detected a Reflected XSS in this website. The vulnerable endpoint was the next:
Every time I put any text, it was reflected on the web site. After adding the payload, I saw
The simple payload was working.
I managed to notice the presence of the vulnerability, now I share the simple payload that I used. Finally I share the video that I did about this vulnerability.
- July 20 — I sent to report
- July 20 —Triaged
- July 23 — Resolved
- August 8 — Bounty for me :D