*Yahoo Yahoo.com Yahoo.co.jp <http://Yahoo.co.jp> Open Redirect Security Vulnerabilities*
Though Yahoo lists open redirect vulnerability on its bug bounty program. However, it seems Yahoo do not take this vulnerability seriously at all. Multiple Open Redirect vulnerabilities were reported Yahoo. All Yahoo's responses were "this intended behavior". However, these vulnerabilities were patched later. Several other security researcher complained about getting similar treatment, too. http://seclists.org/fulldisclosure/2013/Nov/198 http://seclists.org/fulldisclosure/2014/Jan/51 http://seclists.org/fulldisclosure/2014/Feb/119 All Open Redirect Vulnerabilities are intended behavior? If so, why patch them later? The vulnerability can be attacked without user login. Tests were performed on Firefox (33.0) in Ubuntu (14.04) and IE (10.0.9200.16521 ) in Windows 8. *(1) Yahoo.com Open Redirect* *Vulnerable URLs:* http://p2.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://help.yahoo.com/help/us/local/index.html http://p3.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com http://p4.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com *Poc Video:* https://www.youtube.com/watch?v=k4eFLsTyZkg *Another Video Published Before:* https://www.youtube.com/watch?v=GTd1Gkj6OUY *Blog:* http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-open-redirect-security.html http://securityrelated.blogspot.com/2014/10/yahoo-open-redirect-vulnerability.html *(2) Yahoo.co.jp <http://Yahoo.co.jp> Open Redirect* Use one of webpages for the following tests. The webpage address is " http://www.inzeed.com/kaleidoscope";. Suppose that this webpage is malicious. *Vulnerable URL:* http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030344&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http%3A%2F%2Fshopping.yahoo.co.jp *POC:* http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030330&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http://www.inzeed.com/kaleidoscope *Poc Video:* https://www.youtube.com/watch?v=2SM78WKAVr8&feature=youtu.be *Blog:* http://securityrelated.blogspot.com/2014/12/yahoo-yahoocojp-open-redirect-security.html Reported by: Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore http://www.tetraph.com/wangjing *Blog Details:* http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
