Monthly Archives: May 2014

How I XSS’ed All Of Yahoo’s Services

Hello. Normally I don’t write a write-up for XSS vulnerability; however this XSS was a bit different because it affects 100s of Yahoo! subdomains. After my SQL Injection on the HK sub-domains, I decided to actually start focusing on the more major sub-domains of Yahoo, and as a result I was able to XSS quite a few of Yahoo’s services.
Continue reading