TOPVERIZONMEDIA.md

Top reports from Verizon Media program at HackerOne:

  1. Local File Include on marketing-dam.yahoo.com to Verizon Media - 16 upvotes, $2500
  2. Header injection on rmaitrack.ads.vip.bf1.yahoo.com to Verizon Media - 15 upvotes, $1000
  3. Cross-site scripting on the main page of flickr by tagging a user. to Verizon Media - 12 upvotes, $2173
  4. Store XSS Flicker main page to Verizon Media - 12 upvotes, $1960
  5. XSS Yahoo Messenger Via Calendar.Yahoo.Com to Verizon Media - 12 upvotes, $677
  6. REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*.geo.sp1.yahoo.com/, 4/6/14, #SpringClean to Verizon Media - 10 upvotes, $3000
  7. Loadbalancer + URI XSS #3 to Verizon Media - 9 upvotes, $0
  8. readble .htaccess + Source Code Disclosure (+ .SVN repository) to Verizon Media - 8 upvotes, $250
  9. HK.Yahoo.Net Remote Command Execution to Verizon Media - 7 upvotes, $1276
  10. From Unrestricted File Upload to Remote Command Execution to Verizon Media - 6 upvotes, $800
  11. SQLi on http://sports.yahoo.com/nfl/draft to Verizon Media - 5 upvotes, $3705
  12. HTML Injection on flickr screename using IOS App to Verizon Media - 5 upvotes, $800
  13. Bypass of the Clickjacking protection on Flickr using data URL in iframes to Verizon Media - 5 upvotes, $250
  14. Information Disclosure to Verizon Media - 5 upvotes, $0
  15. Local file inclusion to Verizon Media - 4 upvotes, $1390
  16. Significant Information Disclosure/Load balancer access, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean to Verizon Media - 4 upvotes, $500
  17. reflected XSS, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean to Verizon Media - 4 upvotes, $300
  18. ads.yahoo.com Unvalidate open url redirection to Verizon Media - 4 upvotes, $0
  19. Security.allowDomain("*") in SWFs on img.autos.yahoo.com allows data theft from Yahoo Mail (and others) to Verizon Media - 3 upvotes, $2500
  20. SQL Injection ON HK.Promotion to Verizon Media - 3 upvotes, $1000
  21. Flickr: Invitations disclosure (resend feature) to Verizon Media - 3 upvotes, $750
  22. https://caldav.calendar.yahoo.com/ - XSS (STORED) to Verizon Media - 3 upvotes, $500
  23. invite1.us2.msg.vip.bf1.yahoo.com/ - CSRF/email disclosure to Verizon Media - 3 upvotes, $400
  24. XSS Vulnerability (my.yahoo.com) to Verizon Media - 3 upvotes, $250
  25. http://conf.member.yahoo.com configuration file disclosure to Verizon Media - 3 upvotes, $100
  26. Java Applet Execution On Y! Messenger to Verizon Media - 3 upvotes, $0
  27. Directory Traversal to Verizon Media - 3 upvotes, $0
  28. XSS in my yahoo to Verizon Media - 2 upvotes, $800
  29. information disclosure (LOAD BALANCER + URI XSS) to Verizon Media - 2 upvotes, $300
  30. XSS in Yahoo! Web Analytics to Verizon Media - 2 upvotes, $100
  31. Default /docs folder of PHPBB3 installation on gamesnet.yahoo.com to Verizon Media - 2 upvotes, $50
  32. In Fantasy Sports iOS app, signup page is requested over HTTP to Verizon Media - 2 upvotes, $0
  33. caesary.yahoo.net Blind Sql Injection to Verizon Media - 2 upvotes, $0
  34. Open Redirect via Request-URI to Verizon Media - 2 upvotes, $0
  35. XSS using yql and developers console proxy to Verizon Media - 2 upvotes, $0
  36. Bypass of anti-SSRF defenses in YahooCacheSystem (affecting at least YQL and Pipes) to Verizon Media - 2 upvotes, $0
  37. XSS Reflected - Yahoo Travel to Verizon Media - 2 upvotes, $0
  38. Yahoo mail login page bruteforce protection bypass to Verizon Media - 2 upvotes, $0
  39. Clickjacking at surveylink.yahoo.com to Verizon Media - 2 upvotes, $0
  40. Stored Cross Site Scripting Vulnerability in Yahoo Mail to Verizon Media - 2 upvotes, $0
  41. Almost all the subdomains are infected. to Verizon Media - 2 upvotes, $0
  42. http://us.rd.yahoo.com/ to Verizon Media - 2 upvotes, $0
  43. XSS on Every sports.yahoo.com page to Verizon Media - 1 upvotes, $1500
  44. Server Side Request Forgery to Verizon Media - 1 upvotes, $500
  45. XSS in https://hk.user.auctions.yahoo.com to Verizon Media - 1 upvotes, $500
  46. Comment Spoofing at http://suggestions.yahoo.com/detail/?prop=directory&fid=97721 to Verizon Media - 1 upvotes, $500
  47. Cross-origin issue on rmaiauth.ads.vip.bf1.yahoo.com to Verizon Media - 1 upvotes, $250
  48. Yahoo! Reflected XSS to Verizon Media - 1 upvotes, $250
  49. ClickJacking on http://au.launch.yahoo.com to Verizon Media - 1 upvotes, $0
  50. Yahoo YQL Injection? to Verizon Media - 1 upvotes, $0
  51. Yahoo open redirect using ad to Verizon Media - 1 upvotes, $0
  52. A csrf vulnerability which add and remove a favorite team from a user account. to Verizon Media - 1 upvotes, $0
  53. Insufficient validation of redirect URL on login page allows hijacking user name and password to Verizon Media - 1 upvotes, $0
  54. Reflected XSS in mail.yahoo.com to Verizon Media - 1 upvotes, $0
  55. Authentication bypass at fast.corp.yahoo.com to Verizon Media - 1 upvotes, $0
  56. Information Disclosure, groups.yahoo.com,6-april-2014, #SpringClean to Verizon Media - 1 upvotes, $0
  57. clickjacking on leaving group(flick) to Verizon Media - 1 upvotes, $0
  58. Yahoo! Messenger v11.5.0.228 emoticons.xml shortcut Value Handling Stack-Based Buffer Overflow to Verizon Media - 1 upvotes, $0
  59. Open Proxy, http://www.smushit.com/ysmush.it/, 4/09/14, #SpringClean to Verizon Media - 0 upvotes, $2000
  60. CSRF Token missing on http://baseball.fantasysports.yahoo.com/b1/127146/messages to Verizon Media - 0 upvotes, $400
  61. Infrastructure and Application Admin Interfaces (OWASP‐CM‐007) to Verizon Media - 0 upvotes, $250
  62. Yahoo Sports Fantasy Golf (Join Public Group) to Verizon Media - 0 upvotes, $200
  63. CSRF Token is missing on DELETE message option on http://baseball.fantasysports.yahoo.com/b1/127146/messages to Verizon Media - 0 upvotes, $200
  64. Testing for user enumeration (OWASP‐AT‐002) - https://gh.bouncer.login.yahoo.com to Verizon Media - 0 upvotes, $100
  65. Authorization issue on creative.yahoo.com to Verizon Media - 0 upvotes, $50
  66. Vulnerability found, XSS (Cross site Scripting) to Verizon Media - 0 upvotes, $0
  67. HTML Code Injection to Verizon Media - 0 upvotes, $0
  68. Open redirect on tw.money.yahoo.com to Verizon Media - 0 upvotes, $0
  69. TESTING FOR REFLECTED CROSS SITE SCRIPTING (OWASP‐DV‐001) to Verizon Media - 0 upvotes, $0
  70. Multiple vulnerabilities to Verizon Media - 0 upvotes, $0
  71. URL Redirection to Verizon Media - 0 upvotes, $0
  72. clickjacking to Verizon Media - 0 upvotes, $0
  73. Authentication Bypass in Yahoo Groups to Verizon Media - 0 upvotes, $0
  74. Open URL Redirection to Verizon Media - 0 upvotes, $0
  75. Out of date version to Verizon Media - 0 upvotes, $0
  76. Authentication Bypass due to Session Mismanagement to Verizon Media - 0 upvotes, $0