Industry News

Remote Code Injection Vulnerability Found on Yahoo, Microsoft and Orange Subdomains

A Remote code injection vulnerability was found on the subdomains of Yahoo, Microsoft and Orange by being escalated from an Unauthorized Admin Access, according to Ibrahim Hegazy’s blog post.

A fix has been issued for the vulnerability from Yahoo and Microsoft.

Hegazy found the Unauthorized Admin Access during his research in the Yahoo Bug Bounty Program, as the administrator panel never requested login credentials.

                                                                         Image Credits: Security Down

“Of course I could have created that file with a code to give me Remote Command Execution Privilege, but I saw it was a good/enough POC,” Hegazy said. “Imagine a Black-Hat with this vulnerability, creating his ‘Iframed’ aspx page with its malicious content on such highly ranked/trusted domains of Yahoo.net MSN.com Orange.es and more!!”

The vulnerability originated from the content delivery service that supplied Yahoo, Microsoft and Orange subdomains with horoscope data.

                                                                  Image Credits: Security Down

It enabled the arbitrary code execution just by uploading ONE “.aspx” file that would then affect all subdomains, as follows:

Yahoo:

http://pe.horoscopo.yahoo.net

http://mx.horoscopo.yahoo.net

http://ar.horoscopo.yahoo.net

http://co.horoscopo.yahoo.net

http://cl.horoscopo.yahoo.net

http://espanol.horoscopo.yahoo.net

Microsoft MSN:

http://astrocentro.latino.msn.com/

http://astrologia.latino.msn.com/

http://horoscopo.es.msn.com/

http://horoscopos.prodigy.msn.com

Orange:

http://astrocentro.mujer.orange.es

This is a good example on how Bug Bounty Programs enable researchers to find and report vulnerabilities before they are exploited for malicious purposes. In the worst case scenario, if this vulnerability were found by cyber-criminals, it could have affected countless users.

About the author

Lucian Ciolacu

Still the youngest Bitdefender News writer, Lucian is constantly after flash news in the security industry, especially when something is vulnerable or exploited. Besides digging for 'hacker' scoops and data leaks, he enjoys sports, such as football and tennis.
He has also combined an interest for social and political sciences, as a graduate of the Political Science Faculty, with a passion for guitar and computer games.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.