A Remote code injection vulnerability was found on the subdomains of Yahoo, Microsoft and Orange by being escalated from an Unauthorized Admin Access, according to Ibrahim Hegazy’s blog post.
A fix has been issued for the vulnerability from Yahoo and Microsoft.
Hegazy found the Unauthorized Admin Access during his research in the Yahoo Bug Bounty Program, as the administrator panel never requested login credentials.
Image Credits: Security Down
“Of course I could have created that file with a code to give me Remote Command Execution Privilege, but I saw it was a good/enough POC,” Hegazy said. “Imagine a Black-Hat with this vulnerability, creating his ËœIframed` aspx page with its malicious content on such highly ranked/trusted domains of Yahoo.net MSN.com Orange.es and more!!”
The vulnerability originated from the content delivery service that supplied Yahoo, Microsoft and Orange subdomains with horoscope data.
Image Credits: Security Down
It enabled the arbitrary code execution just by uploading ONE “.aspx” file that would then affect all subdomains, as follows:
Yahoo:
http://pe.horoscopo.yahoo.net
http://mx.horoscopo.yahoo.net
http://ar.horoscopo.yahoo.net
http://co.horoscopo.yahoo.net
http://cl.horoscopo.yahoo.net
http://espanol.horoscopo.yahoo.net
Microsoft MSN:
http://astrocentro.latino.msn.com/
http://astrologia.latino.msn.com/
http://horoscopo.es.msn.com/
http://horoscopos.prodigy.msn.com
Orange:
http://astrocentro.mujer.orange.es
This is a good example on how Bug Bounty Programs enable researchers to find and report vulnerabilities before they are exploited for malicious purposes. In the worst case scenario, if this vulnerability were found by cyber-criminals, it could have affected countless users.
tags
Still the youngest Bitdefender News writer, Lucian is constantly after flash news in the security industry, especially when something is vulnerable or exploited.
View all postsNovember 14, 2024
September 06, 2024