Yahoo Open Redirect Vulnerability or "Designing vulnerabilities"

2013.11.28
Credit: Robert Kugler
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-601

Hello all! I'm Robert Kugler, a 17-year-old German student. In the past I took part in a variety of bug bounty programs. I helped Mozilla, PayPal, AVAST Software and Microsoft (to name a few) by reporting vulnerabilities. Now I tried to participate in Yahoo's bug bounty program and sent them a range of discovered open redirect vulnerabilities, because they explicitly state that these are eligible for a bounty. I took one of the last emails from Yahoo to show you the problem. It's not a critical vulnerability like XSS or RCE. Nevertheless, the flaw will damage Yahoo's reputation if it's abused by spammers, because the link appears to lead the user to Yahoo's trustworthy site.

http://bugbounty.yahoo.com/

*The vulnerability:*

http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2/Y=YAHOO/EXP=1274825933/L=YcSUjEKjqNAC2RCjS_sbeRbo0GpsAkv8MK0ACDlS/B=pFuES2KJiR0-/J=1274818733570885/K=FPiTgxmujdul0W5j.k5shQ/A=4808190/R=0/SIG=1136qnvkg/*http://www.google.com/

This link will redirect you to any site you want: phishing sites, exploit kits, etc.

*Now Yahoo's point of view:*

"Robert,

Thank you for your submission to Yahoo! We are aware of this functionality on our site and it is working as designed. Please continue to send us vulnerability reports!

Regards,
Yahoo Security Contact"

Designed for cybercriminals! This kind of vulnerability isn't new to Yahoo...

"...According to E Hacking News, the cybercriminals have also leveraged a similar vulnerability in a Yahoo domain to trick users into thinking that the links point to a trusted website...." (07.06.2013)
http://news.softpedia.com/news/Open-Redirect-Flaw-in-CNN-Site-Abused-by-Spammers-50-Cent-Falls-for-It-359304.shtml

I hope this will change Yahoo's opinion!

Be careful & stay safe!

Robert Kugler
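The advisory shows the shape of the flaw (a click-tracking URL whose destination sits after a "/*" marker and is followed unconditionally) but not what the fix looks like. The following is an added example, not Yahoo's code and not part of the original advisory: a minimal redirector that reproduces the "working as designed" behaviour, the hardened version beside it (same-origin paths or an allowlisted host only, with scheme-relative and userinfo tricks rejected), and a small log-review helper that flags requests whose embedded destination would not pass that check. The allowlist, the handler names and the log lines are constructed for illustration.

```python
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist (hypothetical); a real deployment would load its own.
ALLOWED_HOSTS = {"www.yahoo.com", "search.yahoo.com"}

def extract_target(tracking_url: str) -> Optional[str]:
    """Return the destination embedded after the first '/*' in a tracking URL of
    the form shown in the advisory, or None if the marker is absent."""
    marker = "/*"
    idx = tracking_url.find(marker)
    if idx == -1:
        return None
    return tracking_url[idx + len(marker):]

def vulnerable_redirect(tracking_url: str) -> str:
    """The 'working as designed' behaviour: forward to whatever follows '/*'
    without looking at it (CWE-601)."""
    target = extract_target(tracking_url)
    return target if target is not None else "/"

def is_safe_target(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only a same-origin relative path or an absolute http(s) URL whose
    host is on the allowlist. Rejects scheme-relative targets ('//host'),
    backslash variants some browsers normalise to '/', non-http schemes and
    'allowed.host@evil' userinfo tricks (hostname() ignores the userinfo)."""
    if target.startswith("//") or "\\" in target:
        return False
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        return target.startswith("/")          # relative path on this origin only
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower()
    return host in allowed_hosts

def safe_redirect(tracking_url: str, fallback: str = "/") -> str:
    """Hardened redirector: same marker format, but the destination must pass
    is_safe_target, otherwise the user lands on a fixed same-origin page."""
    target = extract_target(tracking_url)
    if target is None or not is_safe_target(target):
        return fallback
    return target

# Constructed access-log lines (method, path, protocol) for the review helper.
CONSTRUCTED_LOG = [
    "GET /SIG=abc/R=0/*http://www.yahoo.com/ HTTP/1.1",
    "GET /SIG=abc/R=0/*http://www.google.com/ HTTP/1.1",
    "GET /SIG=abc/R=0/*//external.example/ HTTP/1.1",
    "GET /SIG=abc/R=0/*/mail/inbox HTTP/1.1",
]

def flag_external_redirects(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line index, embedded target) for requests whose destination would
    fail is_safe_target; this is what a log review for redirector abuse surfaces."""
    flagged = []
    for i, line in enumerate(lines):
        fields = line.split(" ")
        path = fields[1] if len(fields) >= 3 else line
        target = extract_target(path)
        if target is not None and not is_safe_target(target):
            flagged.append((i, target))
    return flagged

if __name__ == "__main__":
    url = "http://us.ard.yahoo.com/SIG=x/R=0/*http://www.google.com/"
    print("vulnerable ->", vulnerable_redirect(url))
    print("hardened   ->", safe_redirect(url))
    print("flagged    ->", flag_external_redirects(CONSTRUCTED_LOG))
```

The allowlist is keyed on the parsed hostname rather than on a substring match so that `http://www.yahoo.com.external.example/` and `http://www.yahoo.com@external.example/` are both rejected; the fallback to a fixed same-origin page keeps the tracking URL usable for its legitimate purpose while removing the arbitrary-destination behaviour the advisory describes.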

References:

http://news.softpedia.com/news/Open-Redirect-Flaw-in-CNN-Site-Abused-by-Spammers-50-Cent-Falls-for-It-359304.shtml

