A couple of portuguese security researchers published a article about a vulnerability on Linkedin and Yahoo! that allows a malicious user to redirect victims to other sites. The problem is/was located on a vulnerable version of Express – Node.js web application framework.

So with a simple modification in the URL you get a Open Redirect attack:

https://touch.www.linkedin.com////www.google.com/%2e%2e

http://developer.yahoo.com////www.google.com/%2e%2e

http://publish.yahoo.com//www.google.com/%2e%2e

Both Yahoo! attacks are still open to attack and working in Firefox and Opera browsers.

I found out that many other sites are vulnerable to this attack including MySpace. Just searching on the official ExpressJS site you can get a list of big companies and start-ups vulnerable to this attack – http://expressjs.com/resources/applications.html

This is a easy fix – just update your Express Framework and you’re done!

One Reply to “Yahoo! and other sites vulnerable to Open Redirect”

Leave a Reply