Cyber Security Expert and Penetration tester, Ebrahim Hegazy has found a serious vulnerability in Yahoo’s website that allows an attacker to remotely execute any commands on the server i.e. Remote Command Execution vulnerability. According to Ebrahim blog post, the vulnerability resides in a Chinese subdomin of Yahoo website.
Last week, He reported the flaw to Yahoo Security Team and also tip-off them of more threat. Yahoo remote command execution vulnerability fixed by Yahoo Security Team within a day after he reported.
Originally posted at Internet Security Magazine