Vulnerability in Yahoo, Microsoft, and Orange high profile subdomains

Security researcher Ebrahim Hegazy has discovered a vulnerability that allowed remote code injection into subdomains of Yahoo, Microsoft and Orange. Fortunately, the flaw has already been addressed by the companies' technicians.


The expert discovered the flaw while analyzing a Mexican Yahoo subdomain (mx.horoscopo.yahoo.net). On this subdomain he found an admin panel that could be accessed without any login credentials. The researcher classified the vulnerability as "Unauthorized Admin Access" or "Indirect Object Reference".

From this open panel, Hegazy was able to upload his own .aspx file to the server. Such a file could easily contain code that would let an attacker execute arbitrary code on the server, the expert notes on his blog. The file he uploaded, however, was created purely for research purposes and contained only a single string.
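As an added illustration from the defender's side (not from the article or from Hegazy's write-up), the ASP.NET/IIS web.config fragments below put the weak state the article describes, an admin area reachable by anonymous users, beside a corrected configuration; the folder names /admin and /uploads are assumed placeholders, not paths from the affected sites.

```xml
<!-- File 1, weak (assumed placeholder layout): everyone, including
     anonymous visitors, may reach /admin and its upload form. -->
<configuration>
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>

<!-- File 2, corrected: require a logged-in administrator for /admin
     and stop IIS from executing server-side pages dropped into /uploads. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/login.aspx" />
    </authentication>
  </system.web>

  <location path="admin">
    <system.web>
      <authorization>
        <!-- rules are evaluated top-down, first match wins -->
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="uploads">
    <system.webServer>
      <!-- Read only: no Script or Execute rights, so an uploaded .aspx
           is served as a static file instead of being run -->
      <handlers accessPolicy="Read" />
      <security>
        <requestFiltering>
          <!-- only the listed extensions can be requested from this folder -->
          <fileExtensions allowUnlisted="false">
            <add fileExtension=".jpg" allowed="true" />
            <add fileExtension=".png" allowed="true" />
          </fileExtensions>
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
</configuration>
```

The corrected file only protects the site it is deployed in; when several sites share one web root, as the researcher describes below, each site needs the same restrictions or a single open panel exposes all of them.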

After confirming the vulnerability, he went on to examine Yahoo's other subdomains. To his surprise, he discovered that the vulnerability existed not only in Yahoo's subdomains, but also in Microsoft's MSN subdomains and in subdomains of the French telecommunications company Orange.

"The shocking thing is that I didn't upload/create it myself on each domain to make a good POC! I just created this page on one of the domains (pe.horoscopo.yahoo.net, ar.horoscopo.yahoo.net, co.horoscopo.yahoo.net, cl.horoscopo.yahoo.net, astrocentro.latino.msn.com, astrologia.latino.msn.com, horoscopo.es.msn.com, horoscopos.prodigy.msn.com, and astrocentro.mujer.orange.es) of Yahoo, and I discovered that my page had also been created on all the sites that are hosted on the same server: Yahoo, MSN, Orange and others," says the researcher.

"Imagine black hat hackers using this vulnerability to create an aspx 'Iframed' page with malicious content on such high profile domains as Yahoo.net, MSN.com and Orange.es."

The researcher reported his findings to Microsoft, Yahoo and Orange. Orange has not responded to the disclosure, while Yahoo has decided to reward the expert.

For more technical details on the vulnerability, visit Hegazy's website.

iGuRu.gr, The Best Technology Site in Greece

Written by giorgos
