Insecure Direct Object Reference Vulnerability

Pierluigi Paganini May 25, 2014
Serious Flaw in Yahoo Websites allows attackers to delete any comment

The Egyptian security researcher Ahmed Aboul-Ela has discovered a vulnerability that allowed the deletion of any user's comments on all Yahoo sites. A couple of days ago I was contacted by the Egyptian security researcher Ahmed Aboul-Ela, who informed me that he had disclosed a vulnerability in Yahoo websites which allows attackers to delete any comment from all Yahoo Services, […]

Pierluigi Paganini March 01, 2014
Critical flaw in Yahoo allows Hacker to delete 1.5M records

A vulnerability in Yahoo allowed an Egyptian hacker to delete more than 1.5 million records from the Yahoo database. Yahoo immediately fixed it. The Egyptian cyber security expert Ibrahim Raafat has discovered a serious flaw in the Yahoo! website. The hacker demonstrated on his blog how to exploit the “Insecure Direct Object Reference” vulnerability in the Yahoo! sub-domain (suggestions.yahoo.com) to delete all […]