Hello. Normally I don’t write a write-up for XSS vulnerability; however this XSS was a bit different because it affects 100s of Yahoo! subdomains. After my SQL Injection on the HK sub-domains, I decided to actually start focusing on the more major sub-domains of Yahoo, and as a result I was able to XSS quite a few of Yahoo’s services.
more here............http://nahamsec.com/?p=210
more here............http://nahamsec.com/?p=210