A penetration tester has reportedly hacked Yahoo! and gained access to website backup and database files for a dozen databases.
The hacker using the handle Virus_Hima published screenshots that showed the purported site backups for a Yahoo! finance subdomain.
 |
The hacker claimed to have accessed the databases via a reflected cross site scripting vulnerability which he said was fixed by Yahoo!. He also said he discovered a SQL Injection hole.
Virus_Hima disclosed the flaws alleging that Yahoo! had ignored his vulnerability disclosure email.
The writer previously dumped 230 email addresses, names and hashed passwords extracted from an Adobe database of 150,000 records and revealed how attackers could access Yahoo! emails by stealing cookies.
"I have found tens of zero day vulnerabilities in big web sites such as Adobe, Microsoft, Yahoo!, Google, Apple, Facebook," the hacker wrote in a public clipboard document.
"Google [replied and patched quickly] but for Adobe and Yahoo they were so slow in reply … So I decided to teach both of them a hard lesson to harden [their] security procedures."
Virus_Hima denied links to the sale of the Yahoo! email exploit on criminal forums.
Yahoo! has been contacted for comment.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
