Monthly Archives: June 2014

Single vulnerability to cause stored XSS in Yahoo, Flickr, Google, Twitter, Amazon, Youtube, Pinterest and more

Hello. In my last research with Y! Toolbar and Flickr, I was able to identify and report a few vulnerabilities to Yahoo. Keep in mind that before starting this research, as I was installing a few things on my new box, I had accidentally installed Y! Toolbar on Chrome (so my Windows box has Chrome, but not my Linux box). While poking around Flickr to find a few vulnerabilities, I had set a few titles as different XSS payloads, which in the past had never worked, but suddenly something was triggering the XSS payloads (keep in mind that I wasn’t able to reproduce my own vulnerabilities on my Linux box). So what was causing these to suddenly work ONLY for me?