[WEB SECURITY] Yahoo Groups Voting Vulnerabilities

Mostafa Siraj mostafa.siraj at gmail.com
Tue May 19 07:45:56 EDT 2009

Hello all,
I found a very interesting security bug at Yahoo Groups Voting System,
exploiting this bug leads to complete control of the voting result.
The bug cause is a simple logic flaw and not technical flaw (XSS,
CSRF,..etc) however the impact is very high (controlling the voting results)
you can check the vulnerability in detail at my


I thought that sharing this with you might be of your interests


Mostafa Siraj
Application Security Expert
ITWorx Egypt

"Our deepest fear is not that we are inadequate. Our deepest fear is that we
are powerful beyond measure. It is our light, not our darkness, that most
frightens us. We ask ourselves, who am I to be brilliant, gorgeous,
talented, and fabulous?Actually, who are you not to be? You are a child of
God. Your playing small doesn't serve the world. There's nothing enlightened
about shrinking so that other people won't feel insecure around you. We are
all meant to shine, as children do. We are born to make manifest the glory
of God that is within us. It's not just in some of us, it's in everyone. And
as we let our own light shine, we unconsciously give other people permission
to do the same. As we are liberated from our own fear, our presence
automatically liberates others." --Nelson Mandela--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090519/1dd04592/attachment.html>

More information about the websecurity mailing list