sensi, posted February 8, 2014 (edited February 10, 2014 by sensi):

• Exploit: *.yahoo.com - Cross Site Scripting (reflected)
• Author: sensi
• Tested on: Mozilla Firefox
• Status: Reported
• PoC: http://iceimg.com/bkET8egQ/showoff.png

Melkachit, posted February 8, 2014:

Congratulations, you'll get a T-shirt.

dancezar (Active Members), posted February 8, 2014 (edited February 8, 2014 by danyweb09):

Quote: "Congratulations, you'll get a T-shirt."

Congratulations, you're stupid, it's a bug bounty, you old-timer. Bravo sensi, you can get up to $400-500. // I hope you reported it on HackerOne.

sensi (Author), posted February 8, 2014:

Thank you! And yes, I reported it.

b3hr0uz, posted February 10, 2014:

Hi,
Can you publish the string you used for the XSS?
<i onmouseover=alert(1)>

sensi (Author), posted February 10, 2014:

Hi, I used "><img src=x onerror=prompt(1)>

Htich, posted February 10, 2014:

Quote: "Qualifying bugs will be rewarded based on severity. Our minimum reward is $250 USD, our maximum is $15,000 USD. Rewards are granted entirely at the discretion of Yahoo."

Not bad at all, good luck with what you're doing!

sensi (Author), posted February 10, 2014:

Thanks, I've also reported a YQL-type vulnerability; I'm waiting for them to reply.

b3hr0uz, posted February 10, 2014:

Thank you, sensi. I have reported a few myself. I am just trying to get in touch with other researchers and came across your post! Great work, man! I was lucky enough to find an on Yahoo! Send me your contact info, let's trade some information!

Shelo, posted February 10, 2014:

Whoever built Yahoo's sites ... there are about 20 vulnerabilities at least... They were incompetent, now let them pay.