Today I’m going to write about a strange and critical vulnerability that affected 90% of Yahoo’s services, such as:
Yahoo News, Yahoo Sports, Yahoo TV, Yahoo Music, Yahoo Weather, Yahoo Celebrity, Yahoo Voices and more.
The vulnerability allowed me to delete any user comments on all these Yahoo sites.
The impact of the vulnerability is high because it could delete millions of comments.
This is my first writeup and I would like to start it with the 0day vulnerability that I’ve found recently in osCommerce, the well-known open-source commerce web application.
It wasn’t a very easy task for me to find a vulnerability in osCommerce, as it’s open source and has been developed for many years, but I always like accepting tough challenges, so I wanted to start playing with it.
It took me around 3 hours reviewing almost every line in the script, and finally I successfully spotted an SQLi vulnerability at file in the admin panel. From the first look at the code I realized it should be vulnerable to SQL injection.