
Showing posts from October, 2014

Stored XSS on Main Page of Flickr.com and Mobile Interface

Flickr is an image and video hosting website and web services suite that was created by Ludicorp in 2004 and acquired by Yahoo in 2005.

Flickr had a total of 87 million registered members and more than 3.5 million new images uploaded daily. In August 2011 the site reported that it was hosting more than 6 billion images, and according to reporting sources this number continues to grow steadily.

I started doing security research on flickr.com and found some cool bugs, but this XSS was my favorite because it showed up on the Flickr main page and on the mobile interface at m.flickr.com.

Affecting millions of users, for sure.



This attack works by inviting the victim to a group. The stored payload loads when the victim is notified about the group invitation, so the victim does not have to click anything beyond viewing their notifications. That makes this XSS very dangerous and perfect for targeting specific people, or people in general.
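The bug class described above, as an added example that is not Flickr's code or the author's: a notification renderer that interpolates invitation data into HTML without escaping, beside a hardened version that escapes every user-controlled field. The sample invitation is constructed, and the assumption that the payload rides in an attacker-controlled field such as the group name is mine; the post does not say which field carried it.

```javascript
// Added example, not code from the post or from Flickr.
// Assumption: the attacker controls a text field of the invitation
// (here the group name) that is later rendered into the victim's
// notification feed. The post does not say which field was used.

// Constructed sample invitation, as it would be stored server-side
// and later rendered for the victim.
const sampleInvite = {
  inviter: "attacker",
  groupName: '<img src=x onerror="alert(document.cookie)">',
};

// Vulnerable renderer: raw string interpolation into HTML. The
// attacker's markup becomes part of the page, i.e. a stored XSS that
// fires in the victim's session whenever the notification is shown.
function renderNotificationVulnerable(invite) {
  return `<li>${invite.inviter} invited you to the group <b>${invite.groupName}</b></li>`;
}

// Minimal HTML entity escaper for text nodes and quoted attribute
// values. '&' is escaped first so later replacements are not re-escaped.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened renderer: every user-controlled field is escaped before it
// touches the template, so the payload is displayed as text.
function renderNotificationSafe(invite) {
  return `<li>${escapeHtml(invite.inviter)} invited you to the group <b>${escapeHtml(invite.groupName)}</b></li>`;
}

// Crude check used for the demonstration: after removing the template's
// own <li> and <b> tags, does any other tag-like sequence survive?
function containsLiveTag(html) {
  const stripped = html.replace(/<\/?(li|b)>/g, "");
  return /<[a-z!/]/i.test(stripped);
}

// Stand-alone run: show both renderings side by side.
console.log("vulnerable:", renderNotificationVulnerable(sampleInvite));
console.log("hardened:  ", renderNotificationSafe(sampleInvite));
console.log("vulnerable contains live tag:", containsLiveTag(renderNotificationVulnerable(sampleInvite)));
console.log("hardened contains live tag:  ", containsLiveTag(renderNotificationSafe(sampleInvite)));
```

Escaping at the rendering boundary is the fix, not filtering at input time: the same group name may be rendered in several places (main page feed, m.flickr.com, e-mail), and each output context has to encode it for itself, which is consistent with the post's observation that one stored payload fired on both the desktop and mobile interfaces.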




I reported these two bugs to the Yahoo Security team and got two nice rewards.

Thanks, Yahoo Security Team!


Video: Soon.