TOPVERIZONMEDIA.md


Top reports from Verizon Media program at HackerOne:

  1. Local File Include on marketing-dam.yahoo.com to Verizon Media - 15 upvotes, $2500
  2. Header injection on rmaitrack.ads.vip.bf1.yahoo.com to Verizon Media - 13 upvotes, $1000
  3. Cross-site scripting on the main page of flickr by tagging a user. to Verizon Media - 12 upvotes, $2173
  4. Store XSS Flicker main page to Verizon Media - 11 upvotes, $1960
  5. XSS Yahoo Messenger Via Calendar.Yahoo.Com to Verizon Media - 10 upvotes, $677
  6. Loadbalancer + URI XSS #3 to Verizon Media - 9 upvotes, $0
  7. readble .htaccess + Source Code Disclosure (+ .SVN repository) to Verizon Media - 8 upvotes, $250
  8. REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*.geo.sp1.yahoo.com/, 4/6/14, #SpringClean to Verizon Media - 6 upvotes, $3000
  9. HK.Yahoo.Net Remote Command Execution to Verizon Media - 6 upvotes, $1276
  10. From Unrestricted File Upload to Remote Command Execution to Verizon Media - 5 upvotes, $800
  11. Bypass of the Clickjacking protection on Flickr using data URL in iframes to Verizon Media - 5 upvotes, $250
  12. SQLi on http://sports.yahoo.com/nfl/draft to Verizon Media - 4 upvotes, $3705
  13. HTML Injection on flickr screename using IOS App to Verizon Media - 4 upvotes, $800
  14. Significant Information Disclosure/Load balancer access, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean to Verizon Media - 4 upvotes, $500
  15. Security.allowDomain("*") in SWFs on img.autos.yahoo.com allows data theft from Yahoo Mail (and others) to Verizon Media - 3 upvotes, $2500
  16. Local file inclusion to Verizon Media - 3 upvotes, $1390
  17. SQL Injection ON HK.Promotion to Verizon Media - 3 upvotes, $1000
  18. reflected XSS, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean to Verizon Media - 3 upvotes, $300
  19. ads.yahoo.com Unvalidate open url redirection to Verizon Media - 3 upvotes, $0
  20. XSS in my yahoo to Verizon Media - 2 upvotes, $800
  21. Flickr: Invitations disclosure (resend feature) to Verizon Media - 2 upvotes, $750
  22. https://caldav.calendar.yahoo.com/ - XSS (STORED) to Verizon Media - 2 upvotes, $500
  23. invite1.us2.msg.vip.bf1.yahoo.com/ - CSRF/email disclosure to Verizon Media - 2 upvotes, $400
  24. Default /docs folder of PHPBB3 installation on gamesnet.yahoo.com to Verizon Media - 2 upvotes, $50
  25. Java Applet Execution On Y! Messenger to Verizon Media - 2 upvotes, $0
  26. Information Disclosure to Verizon Media - 2 upvotes, $0
  27. caesary.yahoo.net Blind Sql Injection to Verizon Media - 2 upvotes, $0
  28. http://us.rd.yahoo.com/ to Verizon Media - 2 upvotes, $0
  29. Server Side Request Forgery to Verizon Media - 1 upvotes, $500
  30. XSS in https://hk.user.auctions.yahoo.com to Verizon Media - 1 upvotes, $500
  31. Comment Spoofing at http://suggestions.yahoo.com/detail/?prop=directory&fid=97721 to Verizon Media - 1 upvotes, $500
  32. information disclosure (LOAD BALANCER + URI XSS) to Verizon Media - 1 upvotes, $300
  33. XSS Vulnerability (my.yahoo.com) to Verizon Media - 1 upvotes, $250
  34. Cross-origin issue on rmaiauth.ads.vip.bf1.yahoo.com to Verizon Media - 1 upvotes, $250
  35. http://conf.member.yahoo.com configuration file disclosure to Verizon Media - 1 upvotes, $100
  36. ClickJacking on http://au.launch.yahoo.com to Verizon Media - 1 upvotes, $0
  37. Yahoo open redirect using ad to Verizon Media - 1 upvotes, $0
  38. Open Redirect via Request-URI to Verizon Media - 1 upvotes, $0
  39. XSS Reflected - Yahoo Travel to Verizon Media - 1 upvotes, $0
  40. Yahoo mail login page bruteforce protection bypass to Verizon Media - 1 upvotes, $0
  41. Authentication bypass at fast.corp.yahoo.com to Verizon Media - 1 upvotes, $0
  42. Clickjacking at surveylink.yahoo.com to Verizon Media - 1 upvotes, $0
  43. Stored Cross Site Scripting Vulnerability in Yahoo Mail to Verizon Media - 1 upvotes, $0
  44. Almost all the subdomains are infected. to Verizon Media - 1 upvotes, $0
  45. Yahoo! Messenger v11.5.0.228 emoticons.xml shortcut Value Handling Stack-Based Buffer Overflow to Verizon Media - 1 upvotes, $0
  46. Open Proxy, http://www.smushit.com/ysmush.it/, 4/09/14, #SpringClean to Verizon Media - 0 upvotes, $2000
  47. XSS on Every sports.yahoo.com page to Verizon Media - 0 upvotes, $1500
  48. CSRF Token missing on http://baseball.fantasysports.yahoo.com/b1/127146/messages to Verizon Media - 0 upvotes, $400
  49. Yahoo! Reflected XSS to Verizon Media - 0 upvotes, $250
  50. Infrastructure and Application Admin Interfaces (OWASP‐CM‐007) to Verizon Media - 0 upvotes, $250
  51. Yahoo Sports Fantasy Golf (Join Public Group) to Verizon Media - 0 upvotes, $200
  52. CSRF Token is missing on DELETE message option on http://baseball.fantasysports.yahoo.com/b1/127146/messages to Verizon Media - 0 upvotes, $200
  53. XSS in Yahoo! Web Analytics to Verizon Media - 0 upvotes, $100
  54. Testing for user enumeration (OWASP‐AT‐002) - https://gh.bouncer.login.yahoo.com to Verizon Media - 0 upvotes, $100
  55. Authorization issue on creative.yahoo.com to Verizon Media - 0 upvotes, $50
  56. Directory Traversal to Verizon Media - 0 upvotes, $0
  57. Vulnerability found, XSS (Cross site Scripting) to Verizon Media - 0 upvotes, $0
  58. HTML Code Injection to Verizon Media - 0 upvotes, $0
  59. Yahoo YQL Injection? to Verizon Media - 0 upvotes, $0
  60. In Fantasy Sports iOS app, signup page is requested over HTTP to Verizon Media - 0 upvotes, $0
  61. Open redirect on tw.money.yahoo.com to Verizon Media - 0 upvotes, $0
  62. TESTING FOR REFLECTED CROSS SITE SCRIPTING (OWASP‐DV‐001) to Verizon Media - 0 upvotes, $0
  63. Multiple vulnerabilities to Verizon Media - 0 upvotes, $0
  64. XSS using yql and developers console proxy to Verizon Media - 0 upvotes, $0
  65. Bypass of anti-SSRF defenses in YahooCacheSystem (affecting at least YQL and Pipes) to Verizon Media - 0 upvotes, $0
  66. URL Redirection to Verizon Media - 0 upvotes, $0
  67. clickjacking to Verizon Media - 0 upvotes, $0
  68. Authentication Bypass in Yahoo Groups to Verizon Media - 0 upvotes, $0
  69. A csrf vulnerability which add and remove a favorite team from a user account. to Verizon Media - 0 upvotes, $0
  70. Insufficient validation of redirect URL on login page allows hijacking user name and password to Verizon Media - 0 upvotes, $0
  71. Reflected XSS in mail.yahoo.com to Verizon Media - 0 upvotes, $0
  72. Open URL Redirection to Verizon Media - 0 upvotes, $0
  73. Out of date version to Verizon Media - 0 upvotes, $0
  74. Information Disclosure, groups.yahoo.com,6-april-2014, #SpringClean to Verizon Media - 0 upvotes, $0
  75. clickjacking on leaving group(flick) to Verizon Media - 0 upvotes, $0
  76. Authentication Bypass due to Session Mismanagement to Verizon Media - 0 upvotes, $0
