
Yahoo Remote Command Execution Vulnerability Fixed

Recently, a Brazilian hacker found a remote command execution vulnerability on Facebook that allowed full control of the server, for which Facebook rewarded him with its highest bounty of $33,500. Now another security expert and penetration tester, Ebrahim Hegazy, has discovered a remote command execution vulnerability on Yahoo.

The vulnerability exists on the Chinese sub-domain of the Yahoo site, i.e. http://tw.user.mall.yahoo.com/rating/list?sid=$Vulnerability . According to Ebrahim's blog post:
Any remote user can manipulate the input to the sid parameter in the above URL, which passes the parameter value to a PHP eval() function on the server end. The server kernel version was old and it is vulnerable too. An attacker can easily run a kernel exploit and gain root access over the server.
Ebrahim has also posted a video demonstrating the vulnerability.



Ebrahim reported the vulnerability to the Yahoo security team last week, and the Yahoo team fixed it within a day.
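The bug class described above, a request parameter reaching eval(), is shown here next to a hardened handler. This is an added example and not Yahoo's code or code from Ebrahim's post: the function names, the rating-list logic and the assumption that sid is a numeric store id are all hypothetical.

```php
<?php
// Hypothetical reconstruction for illustration; the page shows no server code.

// Vulnerable pattern: the sid value is concatenated into a string that
// eval() runs as PHP, so whatever the client sends is executed as code.
// Shown for comparison only; it is never called below.
function rating_list_vulnerable(array $query): string
{
    $sid = $query['sid'] ?? '';
    eval('$storeId = ' . $sid . ';');
    return "ratings for store $storeId";
}

// Hardened pattern: no eval() at all. The value is treated as data,
// checked against a strict allowlist, then converted to an integer.
function rating_list_hardened(array $query): string
{
    $sid = $query['sid'] ?? '';
    // Assumption: a store id is 1 to 9 ASCII digits. Arrays (sid[]=...),
    // signs, hex notation, whitespace and trailing text are all rejected.
    if (!is_string($sid) || preg_match('/\A[0-9]{1,9}\z/', $sid) !== 1) {
        throw new InvalidArgumentException('invalid sid');
    }
    $storeId = (int) $sid;
    return "ratings for store $storeId";
}

// Constructed sample inputs (not taken from the page).
$samples = ['12345', '12345abc', '0x1F', ' 42', '', ['nested']];
foreach ($samples as $sample) {
    try {
        echo rating_list_hardened(['sid' => $sample]), "\n";
    } catch (InvalidArgumentException $e) {
        // A real handler would answer HTTP 400 and log the rejected request.
        echo 'rejected: ', json_encode($sample), "\n";
    }
}
```

Only the first sample is accepted; the other five are rejected before any application logic runs.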
