Vulnerability in Yahoo Allows hacker to Delete any Comments

Share it:
After the multiple vulnerabilities reported on eBay site, now security researcher are expanding there research and continues there hunting. From last month many researcher have reported vulnerability to Yahoo team in respect of its bounty program.

Recently Egyptian security researcher 'Ahmed Aboul-Ela' have reported a vulnerability to Yahoo that allows him to delete any comment form the 90 percent of Yahoo services which includes Yahoo News , Yahoo Sports , Yahoo TV , Yahoo Music , Yahoo Weather, Yahoo Celebrity , Yahoo Voices and more.

When a user comments on any of the post of yahoo service , they are allowed to delete their own comments. But the Vulnerability reported by Ahmed is something different to it. According the Ahmed Vulnerability, that allows him to delete any of the comments that are posted by other also.

What Happens While Deleting a Comments.

When a user deletes it comments then a page sends a POST request to Yahoo Server with some variables i.e comment_id and content_id, where comment_id represents the comment's serial number and content_id represents the article identifier.


So to carry out the process users just have to click on the Delete button besides there comments. Attacker have tamper the POST request and make changes  the with the variables of Parameter i.e comment_id and content_id.  Attacker have replace the value of the comment_id parameter with other comments id (targeted comments). Once the server receive the requesting for deleting, it deletes the comments from the database without validating the users permission.

This vulnerability have one demerits, that the vulnerability only works when attackers is the first person to comments on the post.
"The vulnerability will only work if you were the first commenter on the article as you will have a privilege to delete any other yahoo users comments who post comment after you. otherwise it will give you the Authorization Failed error message , so it seems that the developer was taking care of the bug but he just forgot to add the validation when he checks if you are the first commenter." Ahmad explained.

For this Vulnerability, Researcher have made a video demonstration also.


The Vulnerability have been reported to the Yahoo team and is Patched Now.
Share it:

Research

Vulnerability

Yahoo

Post A Comment:

0 comments:

Follow by Email