Published on March 1st, 2014 📆 | 3453 Views ⚑
0Yahoo vulnerability allows Hacker to delete 1.5 million records from Database
iSpeech.org
Yahoo! The 4th most visited website on the Internet has been found vulnerable multiple times, and this time a hacker has claimed to spotĀ a critical vulnerability in the Yahoo! sub-domain 'suggestions.yahoo.com', which could allow an attacker to delete the all the posted threadĀ and comments on Yahoo's Suggestion Board website.
Egyptian Cyber Security Analyst, 'IbrahimĀ Raafat',Ā found and demonstrated 'Insecure Direct Object Reference Vulnerability' in Yahoo's website on his blog.
Exploiting the flawĀ escalates the user privileges that allow a hacker to delete more thanĀ 365,000 posts and 1,155,000 comments from Yahoo! Database. Technical details of the vulnerability are as explained below:
DeletingĀ Comments: While deleting his own comment,Ā Ibrahim noticed theĀ HTTP Header of POST request, i.e.
Where parameter 'fid' is the topic id and 'cid' is the respective comment ID. While testing, he found changing the fid and cidĀ parameter values allow him to delete other comments from the forum, that are actually posted by another user.Deleting Posts: Next, he also tested post deletionĀ mechanism and found a similar loophole in that. A normalĀ HTTP Header POST request of deleting a post is:
POST cmd=delete_item&crumb=SbWqLz.LDP0
He found that, appending the fid (topic id)Ā variable to the URL allows him to delete the respective post, that was not posted by himself i.e.
POST cmd=delete_item&crumb=SbWqLz.LDP0&fid=xxxxxxxx
Ibrahim has reported the flaw to Yahoo Security team and also provided a Video Demonstration, as shown below:
Gloss