Ibrahim Raafat, an Egyptian security researcher, disclosed a vulnerability in Yahoo! Suggestions, which could be exploited by attackers to delete 365,000 posts and 1,155,000 comments, published by users at σελίδα.
The expert identified an Insecure Direct Object Reference Vulnerability (IDORV) vulnerability in the Yahoo site, Suggestions.yahoo.com. The error could allow an attacker to upgrade user privileges and gain access to the threads database.
The investigator started by analyzing requests sent when users post or delete a comment or a topic. In the case of comments, the requests contained an ID parameter, the price that was associated with each comment posted on the site.
By changing the value of the parameter, the researcher found that he could delete any comment. In the case of posts, the ID parameter did not exist, so the expert added it on its own. Raafat then developed a script that allowed him to easily delete all the topics by changing IDs.
Raafat reported the vulnerability to Yahoo, which was patched internally two days.
For more technical details, check it out Ibrahim Raafat's blog and the following POC video posted on YouTube:
Source: iguru.gr