001 : Yahoo Bug Bounty

Author: Gil Eskayo

Date: 10 December 2023

Individual Security Vulnerability Assessment Report: Yahoo

This report documents my individual security assessment conducted against Yahoo, as part of a Real World Pentest lab exercise. My objective was to identify potential client-side security vulnerabilities within the scope defined by Yahoo's public bug bounty program on HackerOne.

Scope of the Test

  • Target: Yahoo (https://www.yahoo.com)
  • Bug Bounty Program URL: https://hackerone.com/yahoo?type=team
  • My testing was confined to the domains and IP addresses specified in the bug bounty program.
  • I conducted testing using my personal account without affecting other users.
  • I avoided any actions that could cause permanent changes or data deletion.

Testing Approach

In conducting the security assessment of Yahoo's web application, I employed a strategic combination of manual inspection, browser developer tools, and specialized security tools, each chosen for its specific capabilities in identifying different types of vulnerabilities...

Client-Side Data Manipulation

Detailed Test: To test for client-side data manipulation vulnerabilities, I used browser developer tools to inspect and modify data stored in the browser, such as cookies, localStorage, and sessionStorage...

// JavaScript snippet to inspect and modify client-side data
// Fall back to an empty object if the key is absent (getItem returns null)
const userData = JSON.parse(localStorage.getItem('userPreferences')) || {};
userData.theme = 'dark'; // Altering a preference
localStorage.setItem('userPreferences', JSON.stringify(userData));

Cross-Site Request Forgery (CSRF)

Detailed Test: Using Burp Suite, I created a mock HTML form to simulate a CSRF attack...

<!-- HTML snippet to create a forged request -->
<form action="https://www.yahoo.com/settings" method="POST" target="_blank">
    <input type="hidden" name="newSetting" value="alteredSetting">
    <input type="submit" value="Submit Request">
</form>

Cross-Site Scripting (XSS)

Detailed Test: I tested for XSS vulnerabilities by injecting JavaScript code into various input fields and observing the application's response...

<script>alert('XSS Test');</script>

SQL Injection

Detailed Test: SQL Injection vulnerabilities were tested by inputting SQL code into fields that interact with the database...

' OR '1'='1

Buffer Overflow

Detailed Test: To test for buffer overflow vulnerabilities, I input excessively long strings into input fields...

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...

Client-Side Data Manipulation

The investigation into client-side data revealed that Yahoo effectively secures sensitive information...

Cross-Site Request Forgery (CSRF)

The CSRF test did not yield any successful unauthorized actions...

Cross-Site Scripting (XSS)

The XSS vulnerability test showed that Yahoo has implemented strong input validation and output encoding mechanisms...

SQL Injection

During the SQL Injection testing phase, all inputs were properly sanitized...

Buffer Overflow

The buffer overflow tests involved submitting excessively long strings in various input fields...

Recommendations

Despite the absence of identified vulnerabilities in this assessment, maintaining a robust security posture is an ongoing process...

  • Conduct regular and comprehensive security audits...
  • Perform thorough code reviews, particularly of client-side scripts...
  • Implement or enhance continuous monitoring and logging mechanisms...
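
The monitoring and logging recommendation can be illustrated with the probe strings used in this report. The following is an added example, not code from the original report or from Yahoo: a small JavaScript classifier that URL-decodes request parameters and tags script-tag, SQL-tautology and long repeated-character inputs. The function names, rule tags, the 50-character threshold and the sample request targets are constructed assumptions.

```javascript
// Added example (not from the report): tag request parameters that carry
// the kinds of probe strings used in the tests above.

// Decode until the value stops changing, because clients and proxies may
// percent-encode a value more than once before it reaches the log.
function fullyDecode(value, maxRounds = 3) {
  let current = value.replace(/\+/g, ' '); // '+' means space in a query string
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; } // malformed escape
    if (next === current) break;
    current = next;
  }
  return current;
}

// Hypothetical rule set; the tags and the 50-character threshold are assumptions.
const RULES = [
  { tag: 'xss-probe', test: v => /<\s*script\b/i.test(v) },
  { tag: 'sqli-tautology', test: v => /'\s*or\s*'?(\w+)'?\s*=\s*'?\1'?/i.test(v) },
  { tag: 'long-repeat', test: v => /(.)\1{49,}/.test(v) },
];

// Takes a request target ("/path?a=1&b=2") and returns one finding per
// parameter and matching rule.
function classifyRequest(requestTarget) {
  const q = requestTarget.indexOf('?');
  const query = q === -1 ? '' : requestTarget.slice(q + 1);
  const findings = [];
  for (const pair of query.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = fullyDecode(eq === -1 ? '' : pair.slice(eq + 1));
    for (const rule of RULES) {
      if (rule.test(value)) findings.push({ param: name, tag: rule.tag });
    }
  }
  return findings;
}

// Constructed sample request targets: one benign, three carrying this report's test inputs.
const SAMPLE_TARGETS = [
  '/search?p=weather+today',
  '/search?p=%3Cscript%3Ealert(%27XSS%20Test%27)%3B%3C%2Fscript%3E',
  '/search?p=%27%20OR%20%271%27%3D%271',
  '/search?p=' + 'A'.repeat(56),
];
const scanSamples = () => SAMPLE_TARGETS.map(t => classifyRequest(t).map(f => f.tag));
```

Pattern rules like these support alerting and triage on probing activity; they complement the input validation and output encoding the findings describe rather than replacing them.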

Conclusion

This security assessment of Yahoo's web platform, conducted within the defined scope and parameters of their public bug bounty program, did not reveal any direct vulnerabilities...

It is crucial to acknowledge that cybersecurity is a dynamic field...

In conclusion, while this assessment did not identify specific vulnerabilities within the scope of the bug bounty program, it highlights the importance of continuous vigilance and adaptation in the field of cybersecurity...