Full Disclosure mailing list archives
Re: Yahoo Bug Bounty Program Vulnerability #2 Open Redirect
From: "Kenneth F. Belva" <full-disclosure () silverbackventuresllc com>
Date: Sat, 11 Jan 2014 18:59:23 -0500
Just as an FYI, I also reported this exact bug to Yahoo! in November on 11/21/2013 as part of the BugBash at OWASP AppSecUSA 2013 through BugCrowd, prior to your December 13th disclosure date to Yahoo. As part of my discussions with Yahoo! Security on this issue I was told that it was reported to them before my 11/21/13 disclosure. It is currently not fixed and, in the interest of responsible disclosure, I did not wish to make it public until the appropriate time. Ken On 01/11/2014 05:40 PM, Stefan Schurtz wrote:
Advisory: Yahoo Bug Bounty Program Vulnerability #2 Open Redirect Advisory ID: SSCHADV2013-YahooBB-002 Author: Stefan Schurtz Affected Software: Successfully tested on ads.yahoo.com Vendor URL: http://yahoo.com Vendor Status: informed ========================== Vulnerability Description ========================== The 'piggyback'-Parameter on "http://ads.yahoo.com" is prone to an Open Redirect ========================== PoC-Exploit ========================== http://ads.yahoo.com/pixel?id=2454131&t=2&piggyback=http%3a//www.google.de&_msig=10r7s21mt&rmxbkn=26&_cbv=187571889 ========================== Solution ========================== - ========================== Disclosure Timeline ========================== 13-Dec-2013 - vendor informed by contact form (Yahoo Bug Bounty Program) 31-Dec-2013 - next message to the Yahoo Security Contact 04-Jan-2014 - feedback from vendor 04-Jan-2014 - vendor informed again about the three vulnerabilities 06-Jan-2014 - Feedback from vendor - Open redirects are no longer in scope of the Bug Bounty program ========================== Credits ========================== Vulnerability found and advisory written by Stefan Schurtz. ========================== References ========================== http://yahoo.com http://www.darksecurity.de/advisories/BugBounty2013/yahoo/SSCHADV2013-YahooBB-002.tx _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Yahoo Bug Bounty Program Vulnerability #2 Open Redirect Stefan Schurtz (Jan 11)
- Re: Yahoo Bug Bounty Program Vulnerability #2 Open Redirect Kenneth F. Belva (Jan 13)
- Re: Yahoo Bug Bounty Program Vulnerability #2 Open Redirect Stefan Schurtz (Jan 13)
- Re: Yahoo Bug Bounty Program Vulnerability #2 Open Redirect Kenneth F. Belva (Jan 13)