Stored XSS in Yahoo!

Sharing is Caring :)
When we share, we open doors to a new beginning...../

Well, This is Shahzada Al Shahriar Khan. And I am from Bangladesh.
Now I am going to share how I found Stored Cross-Site Scripting (XSS) in Yahoo.

Steps to Reproduce:

Go to https://www.yahoo.com/news

Comment this payload: "><img src=x onerror=confirm(1);>

Now what? Voila! We get the famous confirm(1) to popup! :D

I am trying another payload that I can write something in popup box, and found this payload: <img src=x onerror=prompt(1337)>
That moment I feel like a boss!

Here is the video PoC:

Timeline:

31/03/2018 - Initial Report.
01/04/2018 - HackerOne staff asked for 'Needs more info.'
01/04/2018 - More Info Submitted.
04/04/2018 - Triaged and a $300 initial bounty rewarded.
06/04/2018 - Bug Resolved.
11/04/2018 - $1700 bounty rewarded.

Thanks for reading..../

• My previous write-up: https://medium.com/@TheShahzada/reflected-xss-in-yahoo-6e2b6b177448

./TheShahada

• https://hackerone.com/theshahzada_thes
• https://twitter.com/TheShahzada
• https://www.facebook.com/TheShahzada.TheS
• http://blog.theshahzada.com/