
Security bug in Yahoo allows anyone to delete millions of records from the database.

Ibrahim Raafat found a vulnerability on suggestions.yahoo.com. He stated that anyone could delete millions of records stored in the database by exploiting a Direct Object Reference vulnerability.

Ibrahim said that he found the bug by adding a comment to someone's post on Yahoo! Suggestions and checking how the request worked when he deleted his own comments. He was able to delete others' comments and also add comments using other accounts.
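The bug class described above, shown as an added example (not taken from the original post or from Yahoo's code): a hypothetical comment service whose vulnerable handlers trust the comment and author IDs sent in the request, next to handlers that take identity from the authenticated session and check ownership. The `CommentService` class and the `comment_id`, `author_id` and `text` parameter names are assumptions made for illustration.

```python
# Added illustration: hypothetical in-memory comment service, not Yahoo's code.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the session user does not own the referenced comment."""


@dataclass
class Comment:
    comment_id: int
    author_id: int
    text: str


class CommentService:
    def __init__(self):
        self.comments = {}  # comment_id -> Comment
        self._next_id = 1

    def _insert(self, author_id, text):
        comment = Comment(self._next_id, author_id, text)
        self.comments[comment.comment_id] = comment
        self._next_id += 1
        return comment

    # Vulnerable pattern: object and author references come from the request.
    def add_vulnerable(self, session_user_id, params):
        # Trusts the author id supplied by the client.
        return self._insert(params["author_id"], params["text"])

    def delete_vulnerable(self, session_user_id, params):
        # Caller is logged in, but ownership of the row is never checked.
        return self.comments.pop(params["comment_id"], None) is not None

    # Hardened pattern: identity comes only from the authenticated session.
    def add(self, session_user_id, params):
        # Any author_id in the request is ignored.
        return self._insert(session_user_id, params["text"])

    def delete(self, session_user_id, params):
        comment = self.comments.get(params["comment_id"])
        if comment is None:
            return False
        if comment.author_id != session_user_id:
            raise Forbidden(f"user {session_user_id} does not own this comment")
        del self.comments[comment.comment_id]
        return True
```

The ownership check runs on the server for every request that references a record by ID, so changing the ID in the request only ever reaches records the session user already owns.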

Yahoo! patched the bug within two days and Ibrahim received a bounty for reporting the bug.

More information about the bug can be found on his blog.

About Raphael Marco

A young boy who learnt many things from the cyberspace out of curiosity.