Remote code injection in Microsoft, Yahoo and Orange subdomains

Security researcher Ebrahim Hegazy has identified a remote code injection vulnerability affecting several subdomains of Microsoft, Yahoo, Orange and others. Fortunately, the vulnerability has been fixed.

While participating in the Yahoo Bug Bounty program, Hegazy found an “Unauthorized Admin Access” vulnerability in one of Yahoo’s domains, “mx.horoscopo.yahoo.net”. That vulnerability led him to a “Remote Code Injection” vulnerability that let him create ASPX files on the server. Remote code injection vulnerabilities allow attackers to create files that can run system commands on the vulnerable servers, edit files, and read data from databases hosted on the vulnerable server.

Once he identified the remote code injection vulnerability, he attempted to determine whether other Yahoo subdomains were affected. Much to his surprise, he found that subdomains of Microsoft’s MSN and French telecoms company Orange were also vulnerable to the same flaw.

The affected subdomains hosted horoscope and astrology services. The vulnerable domains were:
#Yahoo:
http://pe.horoscopo.yahoo.net
http://mx.horoscopo.yahoo.net
http://ar.horoscopo.yahoo.net
http://co.horoscopo.yahoo.net
http://cl.horoscopo.yahoo.net
http://espanol.horoscopo.yahoo.net
#Microsoft MSN:
http://astrocentro.latino.msn.com/
http://astrologia.latino.msn.com/
http://horoscopo.es.msn.com/
http://horoscopos.prodigy.msn.com
#Orange:
http://astrocentro.mujer.orange.es

“The shocking thing here is that I don’t have to upload/create my page on every domain to make a good POC! Because once I created that page on one of the Yahoo domains mentioned above, I found that my page has been created on ALL SITES hosted on the same server, Yahoo, MSN, Orange and others,” the researcher noted.

“Imagine a Black-Hat with this vulnerability, creating his ‘Iframed’ aspx page with its malicious content on such highly ranked/trusted domains of Yahoo.net MSN.com Orange.es and more!!” he adds.

Hegazy posted a video as a proof of concept for the vulnerability.

He reported the vulnerability to Microsoft, which fixed it without an appropriate reward for his report; the same happened with Orange. Yahoo, however, rewarded the researcher for his report even though vulnerabilities in Yahoo.net are out of scope for the Yahoo bug bounty program.

For additional technical details on these vulnerabilities, visit Hegazy’s blog post.

Pierluigi Paganini

(Editor-In-Chief, CDM)
