
List:       full-disclosure
Subject:    [Full-disclosure] Yahoo Open Redirect Vulnerability - or "Designing vulnerabilities"
From:       Robert Kugler <robert.kugler10 () gmail ! com>
Date:       2013-11-27 18:33:05
Message-ID: CACrrWh+k7LtA9kpCUYdK6FkfAxuACYLZLYi+ixSHAvBp0adjjQ () mail ! gmail ! com



Hello all!

I'm Robert Kugler a 17-year-old German student.

In the past I took part in a variety of bug bounty programs. I helped
Mozilla, PayPal, AVAST Software and Microsoft (to name a few) by reporting
vulnerabilities.

Now I tried to participate in Yahoo's bug bounty program and sent them a
range of discovered open redirect vulnerabilities, because they especially
state they are eligible for a bounty. I took one of the last emails from
Yahoo to show you the problem. It's not a critical vulnerability like XSS
or RCE. Nevertheless the flaw will damage Yahoo's reputation if it's abused
by spammers, because the link seems to direct the user to Yahoo's
trustworthy site.

http://bugbounty.yahoo.com/

*The vulnerability:*

http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2/Y=YAHOO/EXP=1274825933/L=YcSUjEKjqNAC2RCjS_sbeRbo0GpsAkv8MK0ACDlS/B=pFuES2KJiR0-/J=1274818733570885/K=FPiTgxmujdul0W5j.k5shQ/A=4808190/R=0/SIG=1136qnvkg/*http://www.google.com/


This link will redirect you to any site you want, phishing sites, exploit
kits etc.


*Now Yahoo's point of view:*


"Robert,
Thank you for your submission to Yahoo! We are aware of this functionality
on our site and it is working as designed. Please continue to send us
vulnerability reports!

Regards,
Yahoo Security Contact"


Designed for cybercriminals! This kind of vulnerability isn't new to
Yahoo...


"...According to E Hacking News, the cybercriminals have also leveraged a
similar vulnerability in a Yahoo domain to trick users into thinking that
the links point to a trusted website...." (07.06.2013)


http://news.softpedia.com/news/Open-Redirect-Flaw-in-CNN-Site-Abused-by-Spammers-50-Cent-Falls-for-It-359304.shtml



I hope this will change Yahoo's opinion!


Be careful & stay safe!


Robert Kugler
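Added example, not part of the original post and not Yahoo's code: the post shows a redirect handler that takes the target from the `/*<url>` suffix of the path and follows it unconditionally. The snippet below shows the server-side check that closes an open redirect of this shape: extract the target from that suffix (the `*` separator is assumed from the posted URL), accept only same-origin relative paths or absolute http(s) URLs whose host is on an exact-match allowlist, and otherwise fall back to a fixed first-party page. The allowlist and the `evil.example` hosts are constructed for the example; the bypass shapes it rejects (protocol-relative `//host`, backslash variants, `user@host` userinfo, non-http schemes) are the usual ones a redirect validator must handle.

```python
from urllib.parse import urlsplit

# Exact-match allowlist of first-party hosts a redirect may point to.
# Constructed for this example; it is not Yahoo's real configuration.
ALLOWED_HOSTS = {"yahoo.com", "www.yahoo.com", "mail.yahoo.com"}


def extract_target(path):
    """Return the redirect target from a path in the '/*<url>' form seen in
    the posted link, or None if there is no such suffix. The '*' separator
    is an assumption taken from that single URL."""
    marker = path.find("/*")
    if marker == -1:
        return None
    return path[marker + 2:]


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Accept only same-origin relative paths or absolute http(s) URLs whose
    host is on the allowlist. Everything else is treated as untrusted."""
    if not target:
        return False
    # Browsers treat '\' like '/' in the authority part, so normalise first;
    # otherwise '/\evil.example' would parse as a harmless relative path.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # Relative path: exactly one leading '/', never '//host' (protocol-relative).
        return normalised.startswith("/") and not normalised.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, ftp: and friends
    host = parts.hostname  # lowercased; userinfo ('user@') and port stripped
    if host is None:
        return False  # e.g. 'http:evil.example' has no authority component
    # Exact match: a suffix check would let 'yahoo.com.evil.example' through.
    return host in allowed_hosts


def resolve_redirect(path, fallback="https://www.yahoo.com/"):
    """Decide where the redirect handler sends the user for a given path."""
    target = extract_target(path)
    if is_safe_redirect(target):
        return target
    return fallback


if __name__ == "__main__":
    # The path of the link from the post: the target is google.com, which is
    # not first-party, so the handler falls back instead of redirecting there.
    posted_path = "/R=0/SIG=1136qnvkg/*http://www.google.com/"
    print(resolve_redirect(posted_path))          # https://www.yahoo.com/
    print(resolve_redirect("/R=0/*https://mail.yahoo.com/inbox"))
```

The check deliberately parses the URL rather than matching strings: `urlsplit` strips userinfo and lowercases the host, so `http://www.yahoo.com@evil.example/` is judged by its real host. Where a site genuinely needs to send users to arbitrary third-party pages (an ad click tracker, for instance), the alternative to an allowlist is a server-issued signature over the destination that the handler verifies before redirecting; an unsigned or mismatched destination then gets the same fallback.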





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

