001 : Yahoo Bug Bounty

Individual Security Vulnerability Assessment Report: Yahoo

Author: Gil Eskayo

Date: 10 December 2023

Introduction

This report documents my individual security assessment conducted against Yahoo, as part of a Real World Pentest lab exercise. My objective was to identify potential client-side security vulnerabilities within the scope defined by Yahoo's public bug bounty program on HackerOne.

Scope of the Test

• Target: Yahoo (https://www.yahoo.com)
• Bug Bounty Program URL: https://hackerone.com/yahoo?type=team
• My testing was confined to the domains and IP addresses specified in the bug bounty program.
• I conducted testing using my personal account without affecting other users.
• I avoided any actions that could cause permanent changes or data deletion.