DNSS Inc – IT consulting and IT security services for small to mid-size businesses

Managed IT Services, IT Security Services, Vulnerability Management and Remediation, Help Desk Support, IT Maintenance Services, Network Administration, Business Continuity Planning, Disaster Recovery Planning, Onsite and Offsite Data Backup, and Information Security Assessment

Ebrahim Hegazy discovered PHP Code Injection Vulnerability in Yahoo – E Hacker News

Ebrahim Hegazy discovered PHP Code Injection Vulnerability in Yahoo – E Hacker News.

A Web application penetration tester, Ebrahim Hegazy, has discovered a critical remote PHP code injection vulnerability in the Yahoo website that could allowed hackers to inject and execute any php code on the Yahoo server.

The vulnerability exists in the Taiwan sub-domain of the Yahoo ” http://tw.user.mall.yahoo.com/rating/list?sid=%5BCODE_Injection%5D”.  The ‘sid’ parameter allows to inject PHP code.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Information

This entry was posted on January 28, 2014 by in Blog and tagged , , .
%d bloggers like this: