HashFlare

Open URL Redirection Vulnerability in ads.yahoo.com

Open URL Redirection in ads.yahoo.com

Hi, This was my first bug I found on Yahoo.com. I was just checking my email and thought of finding some bugs in yahoo.
wpid-93wl0mm.png


Type : Open URL Redirection
Checked in : Firefox
OS : Windows 7

Description of Vulnerability :
URL Redirection is a technique to redirect a user to another page or even another website from the current page/site.




Impact of Vulnerability :

By exploiting this vulnerability, one can redirect a user to a malicious page and can even steal the session or ask for his/her password, login id etc.

Proof-of-concept :
https://ads.yahoo.com/clk?3,eJytUduSojAQ.Zp5cy0IoFDWPkSCKEPCgIls5g0CK3JTV0YuX79xZsr9gT2VdFLp7vTp06q2sszfmpFZZg6ABVIgVqq-0POlmmm6OVNWq5WqLZYLHSjG7JAwBLGytEPbvb-Ha.iAU-cZ.MYRWgUxv97fzIfdQhEl6PjlvtLTG.wvWIdtH37fd4-68IhM6GRkoBVfP8MQG.jEJ4Ic4MdMx43TYbqp8agYvAk1Pw410pCCx7gPqBhw.8z8OSu67nJ70eAL2Mgl6pOobvM0Ty7zVMzHpDif5-LcSNcopOEtt.Be7.0SNrzF1ityNIyKjsdnI7OLNonDiseXP7zcdKnS9Vgprml14Kl60FPm3XMUrd9dsuC.2ECVqj.U9ToEQk3HYcrscCAIyi1U2YpCJgbIJDR.Sy4eOvakdG5Cg5VsQScU97g8At8lo4fYGFCuB5QBvB-Ah3Yf2B6KBxfRFk02eVvJ5SN3zU7GK9Kv-tv6lNvRNWo3CWVFn8iowPHG1KkM6kYBKz3Ndz1Z1-kx3Y24hI-.uzRmFZ7YSCgzAopl3Z3kWamE8imwB8kF3vLYusu8G4-zXp4DoQLgMlSC.VAIO2IUOZfXUIoJPjWXyuufU3gO4dT-aI4Ldd4kp.rfCP4CQpPbZQ==,http://www.google.com/

Steps to Reproduce :
1. First you need to log in to a yahoo mail account.
2. Then Copy the link location of any of the Ads that appear on the Left handside panel.
3. Then change the resulting link to any link.
4. And then our ads.yahoo.com link will redirect to our new resulting page or site.

That's it.

Timeline
*. Found : June 2014
*. Triaged : June 214
*. Fixed : June 2014

I didn't receive any acknowledgement or bounty as the same bug was reported by some other researcher.

image
Still, I was happy with my finding as at that time I was a beginner in Bug Hunting.
Previous
Next Post »

Subscribe to our mailing list

* indicates required
Select your Interested Topics.