This is another video demonstrating a XSPA / SSRF vulnerability that I discovered on the Yahoo! Developer Network last year. This was a typical XSPA / SSRF bug that allowed an attacker to port scan Internet facing servers using Yahoo!’s machines. A limited amount of service fingerprinting was also possible.
Yahoo! has now fixed this issue and was nice enough to put that in an email. Oh, by the way there was no swag, unicorns,mugs or tshirts.
More on SSRF / XSPA: http://cwe.mitre.org/data/definitions/918.html http://www.riyazwalikar.com/2012/11/cross-site-port-attacks-xspa-part-1.html
Comments and feedback are welcome!