Behrouz Sadeghipour, a bug bounty hunter, has found a critical vulnerability in one of the subdomain of Yahoo(hk.yahoo.net) that allowed him to access admin panel. It is funny to know that the hk.yahoo.net is using ‘admin’ as username and password for its panel. After gaining access to the admin panel, he managed to upload his backdoor shell to the server. Using the shell, he was able to delete or create any file or run any commands on the server. He was also able to control few other subdomains of Yahoo. After getting notification from the researcher, Yahoo has patched the …continue reading
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
The post Yahoo using ‘admin’ as username and password, leads to RCE appeared first on National Cyber Security.
View full post on National Cyber Security