Yahoo Mail Rewards a Researcher with $10,000!

A Finnish security researcher, Jouko Pynnonen, discovered a security flaw in Yahoo Mail. It was a stored XSS (cross-site scripting) vulnerability, and Yahoo has patched it. Yahoo rewarded Jouko Pynnonen with $10,000 for finding this critical flaw.

Jouko said that it is a critical flaw because, by using it, an attacker can embed malicious JavaScript in an email and send it to anyone. When the targeted user downloads that email, the code runs automatically and the attacker can control the victim's email account. The attacker can redirect the victim's emails to a server of his choice. Jouko also said that an attacker can do many things with that malicious JavaScript. The malicious code runs automatically in the victim's browser when he is logged into his Yahoo Mail account. An attacker can use this malicious code in many forms. For example, the attacker can upload the malicious JavaScript as the signature of the victim's account, so that the malicious code goes out with each outgoing email.

Jouko states that he found this bug because it was possible to bypass Yahoo Mail's filters by uploading some malicious HTML code. He inserted some unencrypted HTML code in the form of tags, which created a boolean attribute. Jouko used this boolean attribute to embed malicious code into the email.
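The article gives no detail of Yahoo's filter, so the following is an added example, not code from Yahoo or the researcher. It shows one defensive way to treat valueless (boolean) attributes: parse the mail HTML and re-serialize only allow-listed tags and attributes, writing every kept boolean attribute with an explicit empty value. The allow-lists and the `SAMPLE` input are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list for this example (not Yahoo's actual policy).
ALLOWED = {"a": {"href", "title"}, "img": {"src", "alt", "ismap"},
           "p": set(), "b": set(), "i": set(), "br": set()}
BOOLEAN_ATTRS = {"ismap"}   # valueless attributes this policy accepts
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
VOID = {"br", "img"}        # elements that take no end tag

# Constructed sample input: a boolean attribute, an event handler, a script URL.
SAMPLE = ('<p>Hi <img ismap src="https://example.com/a.png" onerror="x()">'
          '<a href="javascript:x()" title=t>link</a></p>')


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return                              # unknown element: drop the tag
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag]:
                continue                        # on* handlers, style, unknown names
            if value is None:                   # boolean (valueless) attribute
                if name in BOOLEAN_ATTRS:
                    kept.append(f' {name}=""')  # always emit an explicit value
                continue
            if name in URL_ATTRS and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue                        # non-allow-listed URL scheme
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is always re-escaped


def sanitize(html_in: str) -> str:
    parser = Sanitizer()
    parser.feed(html_in)
    parser.close()
    return "".join(parser.out)
```

Because the output is rebuilt from parsed tokens rather than edited in place, the browser receives only quoted, explicit attributes and never has to interpret the original markup.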

Under Yahoo's HackerOne bug bounty program, Jouko reported this vulnerability on 26th December of last year. On 6th January, Yahoo fixed the vulnerability and gave $10,000 to Jouko for this discovery.
