Ibrahim Raafat, an Egyptian researcher better safetys, revealed a vulnerability in the yahoo! Suggestions, που θα μπορούσε να αξιοποιηθεί από επιτιθέμενους για την deletion 365,000 posts and 1,155,000 comments, posted by users on the page.
The expert found an Insecure Direct Object Reference Vulnerability (IDORV) vulnerability on Yahoo's website, Suggestions.yahoo.com. The bug could allow an attacker to elevate user privileges and gain access to the page's database (threads database).
The researcher started by analyzing the requests sent when users post or delete a comment or topic. In the case of comments, the requests contained an ID parameter, the price which was associated with each comment published on the website.
By changing the value of the parameter, the researcher found that he could delete any comment. In the case of posts, the ID parameter did not exist, so the expert added it on its own. Raafat then developed a script that allowed him to easily delete all the topics by changing IDs.
Raafat reported vulnerability to Yahoo, which was repaired within two days.
For more technical details, check it out Ibrahim Raafat's blog and the following POC video posted on YouTube: