Yahoo Search Content-Security-Policy Bypass Scanner
This scanner detects the use of Yahoo Search in digital assets. It identifies vulnerabilities related to Content-Security-Policy (CSP) bypass, helping to ensure the security of your web applications.
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 19 days 7 hours
Scan only one: URL
Yahoo Search is a widely used search engine that helps users find information on the internet. It is mainly used by individuals around the globe for browsing and gathering data. In corporate environments, Yahoo Search can be utilized for competitive analysis and market research purposes. Additionally, it is often integrated into websites to enhance the user experience by providing search functionalities.
The vulnerability detected is a cross-site scripting (XSS) flaw due to a Content-Security-Policy (CSP) bypass in Yahoo Search. XSS vulnerabilities can allow attackers to inject malicious scripts into web pages viewed by users. This particular vulnerability focuses on the Yahoo Search platform, potentially impacting its user base.
Technically, the vulnerability stems from the CSP failing to prevent script execution. The vulnerable endpoint is associated with Yahoo Search's CSP handling. The potential injection vector includes script tags that are improperly filtered.
If exploited, attackers may execute arbitrary JavaScript in the context of users visiting the site. This could lead to unauthorized actions being performed on behalf of the user, theft of session tokens, or sensitive information disclosure. Deceptive scripts can manipulate the user environment, causing harmful effects to both the platform and its users.