Behrouz Sadeghipour, a security researcher, has identified a critical vulnerability in one of its subdomains Yahoo (hk.yahoo.net) that allowed him to access the admin panel.
It's funny to learn that hk.yahoo.net uses the word "admin" as a username and password for its admin environment.
After gaining access to the admin panel, the researcher managed to upload a backdoor to the server. Using it, it was able to delete or create any file or execute commands on the server.
It was also able to check some other Yahoo subsections. After updating it Yahoo by the researcher, the company has corrected the security gap.
The researcher is still waiting for his reward.
In addition to this error, it also detected another 'Directory Traveral attack' vulnerability in health.yahoo.com that allowed it to read the contents of [/ etc / passwd] files on the server.