Ibrahim Raafat, an Egyptian security researcher, revealed a vulnerability in Yahoo! Suggestions, which could be used by attackers to delete 365,000 posts and 1,155,000 comments, posted by users on the page.
The expert found an Insecure Direct Object Reference vulnerability Vulnerability (IDORV) στην ιστοσελίδα της Yahoo, Suggestions.yahoo.com. Το error could allow an attacker to elevate user privileges and obtain access στη βάση δεδομένων της σελίδας (threads ).
The researcher started by analyzing the requests sent when users post or delete a comment or topic. In the case of comments, the requests contained an ID parameter, the price which was associated with each comment published on the website.
By changing the value of the parameter, the researcher found that he could delete any comment. In the case of posts, the ID parameter did not exist, so the expert added it on its own. Raafat then developed a script that allowed him to easily delete all the topics by changing IDs.
Raafat reported vulnerability to Yahoo, which was repaired within two days.
For more technical details, check it out Ibrahim Raafat's blog and the following POC video posted on YouTube:
Source: iguru.gr