akkiliON

[SCD + URL Redirection] [*].yahoo.com


  • Active Members
Posted

Hello everyone,

I created this topic to tell you that I found three vulnerabilities in some subdomains belonging to Yahoo. I found 1x URL Redirection and 2x Source Code Disclosure. In a little while I will receive the rewards as well.

This morning I received this message for each reported bug.

Thank you for reporting a security vulnerability to Yahoo, we truly appreciate your commitment, energy, and dedication to make Yahoo a safer place on the web.

As you may know we are in the process of updating our vulnerability reporting program, as detailed here <http://yahoodevelopers.tumblr.com/post/62953984019/so-im-the-guy-who-sent-the-t-shirt-out-as-a-thank-you>.

If you have not already done so, please provide your name and best email address and we will get back to you shortly regarding a reward.

Regards,

Yahoo Security Contact

There is no point in posting any screenshots, because you know what source code disclosure and URL redirection look like.

  • Active Members
Posted
Congratulations! How much did you get for the stored XSS?

Nothing. It is fixed, and without any reply. A friend told me that someone on Twitter found 2 XSS bugs in Yahoo! Mail. It may be because of that. I sent them a message to see what they say.

  • Active Members
Posted

Another XSS for which I received a reply!

Hello,

Thanks for sending this vulnerability our way. We were able to verify it and have the appropriate team working on it.

As you may know we are in the process of updating our vulnerability reporting program, as detailed here:

<http://yahoodevelopers.tumblr.com/post/62953984019/so-im-the-guy-who-sent-the-t-shirt-out-as-a-thank-you>.

Please hang tight to hear back from us regarding the next steps.

Posted (edited)

What is the response time? I also have 3 submitted since Monday (14.10) and I still don't have a reply. Thanks.

L.E. (later edit): until the change made to this program, I used to get a reply within 24h at most.

Edited by nacks
  • Active Members
Posted (edited)
What is the response time? I also have 3 submitted since Monday (14.10) and I still don't have a reply. Thanks.

L.E. (later edit): until the change made to this program, I used to get a reply within 24h at most.

It depends. I sent an XSS on 12 Oct and today I received a message.

Edited by akkiliON
Posted

I got a reply too:

Thank you for reporting a security vulnerability to Yahoo, we truly appreciate your commitment, energy, and dedication to make Yahoo a safer place on the web. As you may know we are in the process of updating our vulnerability reporting program, as detailed here <http://yahoodevelopers.tumblr.com/post/62953984019/so-im-the-guy-who-sent-the-t-shirt-out-as-a-thank-you>. If you have not already done so, please provide your name and best email address and we will get back to you shortly regarding a reward.

Regards,
Yahoo Security Contact

  • Active Members
Posted

Update:

Yahoo! has awarded you a $394 bounty for 6594****:

Open redirect uk.local.yahoo.com

Yahoo! has awarded you a $250 bounty for 660****:

Self inflicted XSS on tw.myblog.yahoo.com
