Recently a Brazilian hacker found a remote command execution vulnerability in Facebook that allowed full control of the server, for which Facebook rewarded him with its highest bounty of $33,500. Now another security expert and penetration tester, "Ebrahim Hegazy", has discovered a remote command execution vulnerability in Yahoo.
The vulnerability exists on the Chinese sub-domain of the Yahoo site, i.e. http://tw.user.mall.yahoo.com/rating/list?sid=$Vulnerability . According to Ebrahim's blog post, he reported the vulnerability to the Yahoo security team last week and the Yahoo team fixed it within days.
Any remote user can manipulate the input to the sid parameter in the above URL; the server passes that parameter value to a PHP eval() function. The server's kernel version was also old and vulnerable, so an attacker could easily run a kernel exploit and gain root access on the server. Ebrahim has also posted a video demonstrating the vulnerability.
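As an added illustration (this is not Yahoo's code and not code from Ebrahim's post), the hypothetical PHP handler below shows the pattern the article describes, a request parameter flowing into eval(), beside a hardened version that treats sid purely as data. The function names, the assumption that sid is a positive integer seller id, and the sample inputs are all constructed for this example.

```php
<?php
// Added illustration, not Yahoo's code: a hypothetical handler for a
// request like /rating/list?sid=... in its dangerous and hardened forms.

// VULNERABLE pattern: request input is spliced into PHP source text and
// handed to eval(). Whoever controls `sid` controls what the server runs,
// which is the class of bug the article describes.
function list_ratings_vulnerable(array $query): string
{
    $sid = $query['sid'] ?? '';
    // Attacker-controlled text becomes executable code here.
    return eval('return "ratings for seller ' . $sid . '";');
}

// HARDENED pattern: never evaluate request data as code. Enforce the
// expected shape of `sid` (assumed here to be a positive integer id) and
// fail closed on anything else. eval() is simply not needed.
function list_ratings_hardened(array $query): string
{
    $sid = $query['sid'] ?? '';

    $id = filter_var($sid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return 'invalid sid';
    }

    // The id stays data: use it as a bound parameter in a query or a
    // lookup key, never as part of code.
    return 'ratings for seller ' . $id;
}

// Constructed sample requests. The hardened handler accepts the numeric id
// and rejects anything that does not match the expected shape.
$benign  = ['sid' => '12345'];
$hostile = ['sid' => 'not-a-number'];

echo list_ratings_hardened($benign) . PHP_EOL;
echo list_ratings_hardened($hostile) . PHP_EOL;
```

For a code audit, the first check is simply whether eval() (and its relatives such as create_function, preg_replace with the /e modifier, or assert with a string argument) appears anywhere on a path reachable from request data; a plain `grep -rn 'eval(' .` over the codebase is a reasonable starting point, and any hit that is fed by $_GET, $_POST or a parsed URL should be treated as a remote code execution risk until proven otherwise.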