Archive for the ‘Yahoo vulnerability’ Category

Today I finally got the shipment from Yahoo's bug bounty for responsible disclosure.

I have uploaded a few snaps of the gifts I received.

Vulnerability type: Unhandled Exception/Error in session handling leading to Java error code disclosure.

Dated: Sept 07’2013

App: Yahoo Calendar service

Acknowledged & thanked by yahoo.com for finding the flaw.

Received an e-gift card and promo code from the Yahoo team.

Output: [screenshot: yahoo_buff]