Yahoo.net Full Path Discloure + XSS + Posible Sql injection

[dancezar]

Target: .yahoo.net

Exploit #1 Full path discloure:

http://s21.postimg.org/op7ug87tj/fpd.png

Exploit #2 Cross site scripting POST

http://s30.postimg.org/6qj3jcahc/yahoo.jpg

Exploit #3 Sql injection (True and false)

True:View image: true

False:http://s15.postimg.org/trvc34vwb/false.png

Toate in acelasi subdomeniu.Ps: daca cautati putin s-ar putea sa il gasiti

--Vurnerabilitati Raportate

Edited January 12, 2014 by danyweb09

[AsalT]

Felicitari!

yahoo.net?

[dancezar]

Da toate is in .net

//Is domenii care le apartin

Edited January 12, 2014 by danyweb09

[dekeeu]

Aceleasi chestii le-am gasit si eu intr-un .net si n`am mai primit nimic de 3 luni .

[tpad]

Va vor spune ca nu sunt in scope:)

[dancezar]

Va vor spune ca nu sunt in scope:)

Nu sunt in scope pentru bani dar am raportat un fpd intr-un .net si am primit HOF

//se ofera bani doar pentru vurnerabilitati grave in .net

Edited January 12, 2014 by danyweb09

[dekeeu]

Si SQLi-ul se incadreaza ?

[nacks]

Si SQLi-ul se incadreaza ?

Eu am primit pentru doua SQLi:

Yahoo! has awarded you a $326 bounty for 6******8

[dekeeu]

Si eu am primit pentru un SQLi:

[FONT=arial]Hi X,[/FONT]

[FONT=arial]At the time of the report we had not completed the details around the bug bounty program. The program scope covers [/FONT][URL="http://yahoo.com/"]yahoo.com[/URL][FONT=arial] and [/FONT][URL="http://flickr.com/"]flickr.com[/URL][FONT=arial] along with the respective mobile and client side apps. ([/FONT][url=http://bugbounty.yahoo.com/]Yahoo - Bug Bounty Program Rules[/url][FONT=arial])[/FONT]

[FONT=arial]The bug on [/FONT][URL="http://yahoo.net/"]yahoo.net[/URL][FONT=arial] was found to be out of scope. We have listed you as a contributor on the Wall of Fame to show our appreciation.

[florin_darck]

Eu am primit pentru doua SQLi:

Yahoo! has awarded you a $326 bounty for 6******8

In .net sau .com ?

[nacks]

doar una dintre ele in .net