A couple of Portuguese security researchers published an article about a vulnerability on LinkedIn and Yahoo! that allows a malicious user to redirect victims to other sites. The problem is/was located in a vulnerable version of Express – a Node.js web application framework.
So with a simple modification in the URL you get an Open Redirect attack:
Both Yahoo! issues are still open, and the redirect works in Firefox and Opera browsers.
I found out that many other sites are vulnerable to this attack including MySpace. Just searching on the official ExpressJS site you can get a list of big companies and start-ups vulnerable to this attack – http://expressjs.com/resources/applications.html
This is an easy fix – just update your Express Framework and you’re done!
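As a defense-in-depth measure alongside the upgrade, the sketch below rewrites any `Location` header that would send the browser off-site, whichever handler sets it. It is an added example, not code from the researchers' article or from the Express project; the names `isSameOriginRedirect`, `locationGuard` and `demo`, and the origin `https://app.example`, are assumptions made for illustration.

```javascript
'use strict';

// Returns true only when `location` resolves to the application's own origin.
function isSameOriginRedirect(location, appOrigin) {
  if (typeof location !== 'string' || location.length === 0) return false;
  // URL parsers silently drop tab/CR/LF, so reject control characters first.
  if (/[\u0000-\u001f\u007f]/.test(location)) return false;
  try {
    // Resolve the value the way a browser does, relative to our own origin.
    return new URL(location, appOrigin).origin === new URL(appOrigin).origin;
  } catch (err) {
    return false; // unparsable target
  }
}

// Connect/Express-style middleware (hypothetical name). It wraps res.setHeader
// so that a Location header set by any later handler is checked, not only
// redirects issued by the application's own code.
// Limitation: headers passed directly to res.writeHead() are not covered.
function locationGuard(appOrigin, fallback = '/') {
  return function (req, res, next) {
    const setHeader = res.setHeader;
    res.setHeader = function (name, value) {
      const isLocation = String(name).toLowerCase() === 'location';
      if (isLocation && !isSameOriginRedirect(String(value), appOrigin)) {
        value = fallback; // replace the off-site target with a local page
      }
      return setHeader.call(this, name, value);
    };
    next();
  };
}

// Constructed demo: a stand-in response object and sample redirect targets.
function demo(target) {
  const headers = {};
  const res = { setHeader(name, value) { headers[name.toLowerCase()] = value; return this; } };
  locationGuard('https://app.example')({}, res, () => res.setHeader('Location', target));
  return headers.location;
}

console.log(demo('/account/'));              // local path
console.log(demo('//other.example/'));       // protocol-relative target
console.log(demo('https://other.example/')); // absolute off-site target
```

Applications that legitimately redirect to other origins (single sign-on, for example) would need an explicit allowlist in place of the strict same-origin comparison.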
One Reply to “Yahoo! and other sites vulnerable to Open Redirect”
They all fixed it! 😀 Not working now!