Just another web application security blog

One Vulnerability allowed deleting comments of any user in all Yahoo sites

Hello all,

Today I’m going to write about a strange and critical vulnerability that affected 90% of Yahoo’s services, such as:

Yahoo News, Yahoo Sports, Yahoo TV, Yahoo Music, Yahoo Weather, Yahoo Celebrity, Yahoo Voices and more.

The vulnerability allowed me to delete any user's comments on all these Yahoo sites.
The impact of the vulnerability is high because it could delete millions of comments.


osCommerce v2.x SQL Injection Vulnerability

Hello everyone,

This is my first writeup, and I would like to start it with the 0day vulnerability that I’ve found recently in osCommerce, the well-known open-source commerce web application.

It wasn’t a very easy task for me to find a vulnerability in osCommerce, as it’s open source and has been developed for many years, but I always like accepting tough challenges, so I wanted to start playing with it.