found server side injection on Yahoo, help on finding an exploit

johanna curiel curiel

unread,

Sep 6, 2015, 8:04:33 PM9/6/15

to OWASP ZAP Evangelists Group

Dear evangelists

I'm my crusade on using zap for bug hunting I found a server side injection with zap at yahoo:

go to

https://groups.yahoo.com/neo

copy paste

%3C%21--%23EXEC+cmd%3D%22ls+%2F%22—%3E

press search

It gets injected

Yahoo mentioned that if I'm able to find an exploit then they could consider it a risk

Any ideas how to proceed on this?

cheers

Johanna

Screenshot 2015-08-29 22.33.34.png

Zack Syn

unread,

Sep 7, 2015, 4:12:26 AM9/7/15

to johanna curiel curiel, OWASP ZAP Evangelists Group

Hello Johanna,

Hiw do you know it gets injected ? I can't reproduce it (classic you might say).

a little bit of literature : https://www.owasp.org/index.php/Testing_for_SSI_Injection_%28OTG-INPVAL-009%29

Cheers,

Zack

--
You received this message because you are subscribed to the Google Groups "OWASP ZAP Evangelists Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-evangel...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

johanna curiel curiel

unread,

Sep 7, 2015, 7:06:21 AM9/7/15

to Zack Syn, OWASP ZAP Evangelists Group

Yahoo was able to reproduce the injection but they wanted a exploit to consider it a real threat

Reply all

Reply to author

Forward