Yahoo Open Redirect Vulnerability

The vulnerability does not even require users to be logged in to Yahoo. It is present on all browsers in all computer systems.
POC Video:

A website is used for the following tests. The website is ““.



Wang Jing


Mathematics, Nanyang Technological University in Singapore


One thought on “Yahoo Open Redirect Vulnerability”


    A serious flaw in two widely used security standards could give anyone access to your account information at Google, Microsoft, Facebook, Twitter and many other online services. The flaw, dubbed “Covert Redirect” by its discoverer, exists in two open-source session-authorization protocols, OAuth 2.0 and OpenID.

    Attackers could exploit the flaw to disguise and launch phishing attempts from legitimate websites, said the flaw’s finder, Ph.D. student Wang Jing of the Nanyang Technological University in Singapore.
