Sunday, June 7, 2015

Yahoo Mail Account Hijacking Via Android Application Insecure Data Storage Cookies Vulnerability

Hello, I'm Mohamed M. Fouad, an independent security researcher from Egypt. I have received acknowledgements from many firms, such as Microsoft, Oracle, Yahoo, eBay, Sony, WordPress, ESET, Adobe, AT&T, Huawei, DropCam, Bitcasa, Get Pocket, Splitwise and many more...

Vulnerability Description:
=====================

I found an insecure data storage vulnerability in the Yahoo Mail Android application regarding its "Cookies" store. It can lead to account hijacking: once the cookie values are stolen, the victim's identity can be taken over. Let's see the PoC:

I installed the Yahoo Mail Android application in an emulator, opened a root shell on the emulator device and navigated to the application's data folder, which contains the following:
=====================
ls
app_sslcache
app_webview
cache
databases
files
lib
shared_prefs
=====================
These are the folders of the Yahoo Mail application stored locally on the device. Let's go into the app_webview folder; listing its contents gives:
======================
ls
Cache
Cookies
Cookies-journal
Web Data
Web Data-journal
paks
======================
Cookies is an SQLite database, not a folder, so I extracted it. I then opened it with an SQLite browser instead of the sqlite console, to be able to see the cookie values clearly.

Here I have already copied these values and pasted them into Notepad++.


After investigating which cookies are validated after each login, I found that these are the values Yahoo Mail checks to know whether your session is still valid or not.
So I saved a cookie file from the Cookie Manager add-on in Firefox, and after modifying the values in the saved Cookie Manager content, I was switched to the victim's account and the session was hijacked successfully :D
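The `Cookies` file under `app_webview` is the cookie store of the Android WebView, which is Chromium-based, and the finding above comes down to session cookies being written there in plaintext inside the app's private directory, where a root shell or a device backup can read them. The following is an added example, not the author's tooling or Yahoo's code: a small Python audit that opens such a database and reports session-like cookies that are persisted unencrypted or without the Secure/HttpOnly flags, the kind of check a mobile app assessment would run on an extracted `Cookies` file. The `cookies` table columns are assumed to follow the Chromium schema of that era (`host_key`, `name`, `value`, `encrypted_value`, `secure`, `httponly`, `persistent`), the session-name heuristic is an assumption, and the sample rows are constructed for the demo, not real Yahoo values.

```python
"""Audit a Chromium-style WebView ``Cookies`` SQLite database for session
cookies that are kept on disk in plaintext.

Added example for this write-up; not the author's tooling or Yahoo's code.
Assumptions: the ``cookies`` table follows the Chromium schema of the time
(host_key, name, value, encrypted_value, secure, httponly, persistent);
cookie names and sample rows below are constructed for the demo.
"""
import sqlite3
from dataclasses import dataclass

# Name fragments that usually mark a cookie a session rides on.
# Heuristic (assumption), not a list of the app's real cookie names.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")

# Subset of the Chromium cookies schema (assumed), enough for the audit.
SCHEMA = """
CREATE TABLE cookies (
    creation_utc    INTEGER NOT NULL,
    host_key        TEXT    NOT NULL,
    name            TEXT    NOT NULL,
    value           TEXT    NOT NULL,
    path            TEXT    NOT NULL,
    expires_utc     INTEGER NOT NULL,
    secure          INTEGER NOT NULL,
    httponly        INTEGER NOT NULL,
    encrypted_value BLOB    DEFAULT '',
    persistent      INTEGER NOT NULL DEFAULT 1
);
"""


@dataclass(frozen=True)
class Finding:
    host: str
    name: str
    reasons: tuple


def looks_like_session_cookie(name):
    """Cheap heuristic: does the cookie name suggest it carries a session?"""
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit_cookie_db(conn):
    """Return one Finding per session-like cookie whose at-rest handling is weak.

    A cookie is "plaintext at rest" when ``value`` is populated and
    ``encrypted_value`` is empty: that is exactly what a root shell or a
    backup of the app's private directory exposes.
    """
    rows = conn.execute(
        "SELECT host_key, name, value, encrypted_value, secure, httponly, persistent "
        "FROM cookies"
    ).fetchall()
    findings = []
    for host, name, value, encrypted, secure, httponly, persistent in rows:
        if not looks_like_session_cookie(name):
            continue
        reasons = []
        if value and not encrypted:
            reasons.append("stored in plaintext")
        if persistent:
            reasons.append("persisted to disk instead of kept in memory")
        if not secure:
            reasons.append("missing Secure flag")
        if not httponly:
            reasons.append("missing HttpOnly flag")
        if reasons:
            findings.append(Finding(host, name, tuple(reasons)))
    return findings


def build_sample_db():
    """In-memory stand-in for an extracted ``Cookies`` file (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = [
        # constructed: session cookie written in the clear and kept across restarts
        (1, ".mail.example", "SESSIONID", "constructed-session-value", "/", 99, 1, 1, b"", 1),
        # constructed: preference cookie, not session-bearing, so not reported
        (2, ".mail.example", "lang", "en", "/", 99, 1, 0, b"", 1),
        # constructed: token encrypted at rest and non-persistent, passes the audit
        (3, ".mail.example", "AUTH_TOKEN", "", "/", 0, 1, 1, b"\x01\x02\x03", 0),
    ]
    conn.executemany("INSERT INTO cookies VALUES (?,?,?,?,?,?,?,?,?,?)", rows)
    return conn


if __name__ == "__main__":
    for finding in audit_cookie_db(build_sample_db()):
        print(f"{finding.host} {finding.name}: {', '.join(finding.reasons)}")
```

To run it against a real extraction, replace `build_sample_db()` with `sqlite3.connect("Cookies")` on a copy of the pulled file. The name heuristic is deliberately loose, so treat its output as a shortlist and still review the full dump; the fix on the app side is to keep session cookies out of the persistent store (or encrypt what must be persisted) rather than to rely on the private directory being unreadable.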

Let's see POC :

https://www.dropbox.com/home?preview=Yahoo_Insecure_Data_Storage_Vulnerability.mp4


After I reported it to Yahoo, it was marked as a duplicate :(

Thanks...