Yahoo Bug now Fixed

Wednesday, March 5, 2014 @ 04:03 PM gHale


There was a vulnerability in Yahoo! Suggestions that attackers could have exploited to delete all 365,000 posts and 1,155,000 comments published by users.

There was an Insecure Direct Object Reference Vulnerability (IDORV) on Yahoo’s Suggestions website (suggestions.yahoo.com), said Ibrahim Raafat, a security researcher from Egypt. An attacker could leverage the bug to escalate his privileges and gain access to the threads database.


The researcher started by analyzing the POST requests generated when users post or delete comments and topics. In the case of comments, the requests contained an ID parameter whose value identified the specific comment being acted on.

By changing the value of the ID in the POST request, he could delete any comments. In the case of topics, the ID parameter didn’t exist, so the expert added it. The attack worked.

Raafat developed a script that could have allowed him to easily delete all the topics on the website by going through all the ID values.
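The defect described above is a delete handler that trusts a client-supplied object id without checking who owns the object. The following is an added illustration, not Yahoo's code or the researcher's script: a vulnerable handler beside a hardened one, using an assumed in-memory `posts` dict, a `Post` record and a `NotAuthorized` exception in place of a real web framework and database.

```python
from dataclasses import dataclass

@dataclass
class Post:
    owner: str   # user who created the comment or topic
    kind: str    # "comment" or "topic"

class NotAuthorized(Exception):
    """Raised instead of deleting when the caller may not delete the object."""

def delete_vulnerable(posts, session_user, form):
    # The IDOR pattern: the handler trusts the client-supplied id and never
    # asks whether session_user owns that object. It also honours an id the
    # form was never meant to carry, which is how the topic case was hit.
    post_id = int(form["id"])
    posts.pop(post_id, None)
    return post_id

def delete_hardened(posts, session_user, form):
    # 1. Parse the id defensively; a missing or non-numeric id is rejected.
    try:
        post_id = int(form.get("id", ""))
    except ValueError:
        raise NotAuthorized("malformed or missing id")
    # 2. Authorize per object: it must exist AND belong to the caller.
    post = posts.get(post_id)
    if post is None or post.owner != session_user:
        # Same outcome for "no such id" and "not yours", so walking the id
        # space reveals nothing about which ids exist.
        raise NotAuthorized("not found")
    del posts[post_id]
    return post_id

def sample_posts():
    """Constructed sample data: alice owns comment 101, bob owns topic 202."""
    return {101: Post("alice", "comment"), 202: Post("bob", "topic")}

def demo():
    """Returns (vulnerable handler deleted bob's topic, hardened handler kept it)."""
    posts = sample_posts()
    delete_vulnerable(posts, "alice", {"id": "202"})
    vulnerable_lost_it = 202 not in posts
    posts = sample_posts()
    try:
        delete_hardened(posts, "alice", {"id": "202"})
        hardened_kept_it = False
    except NotAuthorized:
        hardened_kept_it = 202 in posts
    return vulnerable_lost_it, hardened_kept_it
```

The ownership check is the whole fix: an id is just a lookup key, and authorization must be decided per object on the server, never inferred from which parameters the client chose to send.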

Raafat reported his findings to Yahoo! and the company addressed the issue within two days. The researcher did not disclose the amount of money paid out by Yahoo.



