Ο Ibrahim Raafat, ένας αιγύπτιος ερευνητής ασφάλειας, αποκάλυψε μια ευπάθεια στο Yahoo! Suggestions, που θα μπορούσε να αξιοποιηθεί από επιτιθέμενους για την διαγραφή 365,000 posts και 1,155,000 comments, posted by users on the page.
Ο εμπειρογνώμονας εντόπισε μια ευπάθεια τύπου Insecure Direct Object Reference Vulnerability (IDORV) στην ιστοσελίδα της Yahoo, Suggestions.yahoo.com. Το σφάλμα θα μπορούσε να επιτρέψει σε έναν εισβολέα να αναβαθμίσει τα προνόμια χρήστη και να αποκτήσει access in the page database (threads ).
The researcher started by analyzing the requests sent when users post or delete a comment or topic. In the case of comments, the requests contained an ID parameter, the price which was associated with each comment published on the website.
By changing the value of the parameter, the researcher found that he could delete any comment. In the case of posts, the ID parameter did not exist, so the expert added it on its own. Raafat then developed a script that allowed him to easily delete all the topics by changing IDs.
Raafat reported vulnerability to Yahoo, which was repaired within two days.
For more technical details, check it out Ibrahim Raafat's blog and the following POC video posted on YouTube:
Source: iguru.gr