strangetruenews

Single RCE Vulnerability that affects Microsoft, Yahoo and Orange

Ebrahim Hegazy, a Bug Bounty Hunter from Egypt, has identified a security vulnerability that allowed him to hack Microsoft, Yahoo and Orang...

Ebrahim Hegazy, a Bug Bounty Hunter from Egypt, has identified a security vulnerability that allowed him to hack Microsoft, Yahoo and Orange.

While he is on the hunt for a security bug in Yahoo domains, he found a web page that allowed him to upload .aspx file and modify the existing aspx files. 

You can just create a new file by sending POST request to the URL " http://mx.horoscopo.yahoo.net/ymx/editor/inc/GenerateFile.aspx" with the following post content: "FileName=New_File_Name.aspx&FileContent=File_Content_Here".

Ebrahim has simply uploaded a file called 'zigoo.aspx' with 'zigoo' as content.  To find out other Yahoo domains that were affected by the same vulnerability, researcher did a Bing search.

The following domains were also affected by this bug: **.horoscopo.yahoo.net, astrocentro.latino.msn.com, horoscopo.es.msn.com, astrologia.latino.msn.com, horoscopos.prodigy.msn.com and astrocentro.mujer.orange.es.

Interesting fact about this vulnerability is that the page created in Yahoo domain reflected in other domains also.

"It’s A CDN(Content Delivery Network) Service for astrology that cashes the same content to render it for the sub domains of that mentioned vulnerable domains, So all files on one domain will be shown on all other domains on the server." Researcher says.

After reporting to Yahoo, Yahoo has rewarded the researcher with some bounty.  As usual, Microsoft didn't give any reward to the researcher.

Earlier this year, Ebrahim discovered a critical Remote PHP Code Injection vulnerability in one of the Yahoo domains. 

Related

Ebrahim Hegazy 3742854399915216053

Post a Comment Default Comments Disqus Comments

emo-but-icon

Weather Today!

Read More News

Random Article

Hot in week

Popular Posts

Recent

STN

Comments

item