Open URL Redirection Vulnerability in

Open URL Redirection in

Hi, This was my first bug I found on I was just checking my email and thought of finding some bugs in yahoo.

Open URL Redirection Vulnerability in

Type : Open URL Redirection
Checked in : Firefox
OS : Windows 7

Description of Vulnerability :
URL Redirection is a technique to redirect a user to another page or even another website from the current page/site.

Impact of Vulnerability :

By exploiting this vulnerability, one can redirect a user to a malicious page and can even steal the session or ask for his/her password, login id etc.

Proof-of-concept :,eJytUduSojAQ.Zp5cy0IoFDWPkSCKEPCgIls5g0CK3JTV0YuX79xZsr9gT2VdFLp7vTp06q2sszfmpFZZg6ABVIgVqq-0POlmmm6OVNWq5WqLZYLHSjG7JAwBLGytEPbvb-Ha.iAU-cZ.MYRWgUxv97fzIfdQhEl6PjlvtLTG.wvWIdtH37fd4-68IhM6GRkoBVfP8MQG.jEJ4Ic4MdMx43TYbqp8agYvAk1Pw410pCCx7gPqBhw.8z8OSu67nJ70eAL2Mgl6pOobvM0Ty7zVMzHpDif5-LcSNcopOEtt.Be7.0SNrzF1ityNIyKjsdnI7OLNonDiseXP7zcdKnS9Vgprml14Kl60FPm3XMUrd9dsuC.2ECVqj.U9ToEQk3HYcrscCAIyi1U2YpCJgbIJDR.Sy4eOvakdG5Cg5VsQScU97g8At8lo4fYGFCuB5QBvB-Ah3Yf2B6KBxfRFk02eVvJ5SN3zU7GK9Kv-tv6lNvRNWo3CWVFn8iowPHG1KkM6kYBKz3Ndz1Z1-kx3Y24hI-.uzRmFZ7YSCgzAopl3Z3kWamE8imwB8kF3vLYusu8G4-zXp4DoQLgMlSC.VAIO2IUOZfXUIoJPjWXyuufU3gO4dT-aI4Ldd4kp.rfCP4CQpPbZQ==,

Steps to Reproduce :
1. First you need to log in to a yahoo mail account.
2. Then Copy the link location of any of the Ads that appear on the Left handside panel.
3. Then change the resulting link to any link.
4. And then our link will redirect to our new resulting page or site.

That's it.

*. Found : June 2014
*. Triaged : June 214
*. Fixed : June 2014

I didn't receive any acknowledgement or bounty as the same bug was reported by some other researcher.

Still, I was happy with my finding as at that time I was a beginner in Bug Hunting.
Next Post »

Subscribe to our mailing list

* indicates required
Select your Interested Topics.