Egyptian Hacker finds Sql & XSS Vulnerability in Yahoo

An Egyptian hacker Virus_Hima has said to found vulnerabilities in the official website of Yahoo. This is probably the second time in 2 months, when the hacker has found vulnerability in one of the major technology websites. While telling about the vulnerabilities he said that he got a complete hold of the backup of several yahoo domains.

Among other vulnerabilities he told there is a  cross-site scripting vulnerability and SQL  injection vulnerability in the site, according to his post on Pastebin. 


But he denied to expose the data he hold off from the yahoo’s site and said that his vendors adobe, yahoo and others have respect for him so won’t be carrying this particular act. The hacker also denied to be or to have any connection with the personal selling a cross-site scripting vulnerability on a hacker forum for US$700 last week. 


The hacker previously entered into the system of adobe and got hold off a large amount of data. This resulted in adobe closing one of it’s forums i.e. 

But adobe’s officials soon contacted the hacker for resolving the matter, when he released a bundle of 200 emails which belonged to adobe, and U.S. Government agencies. The data contained encrypted passwords, email addresses, address and other details.  

The hacker also provided a tip to the site owners to be proactive rather then being procreative, he added that he will not leak the data any soon and work according to the situation. 

He also claimed to find 0day vulnerabilities on Adobe/Microsoft/Yahoo/Google/Apple/Facebook and many more, yet he will not misuse the situation and will keep on reporting the issue to its respective vendors. 

However, there has been no statement from Yahoo Inc about the latest vulnerability claim. 

Related Posts