Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution: Yahoo! was recently impacted by a critical web application vulnerabilities which left website’s database and server vulnerable to hackers.
A cyber security expert and penetration tester, Ebrahim Hegazy a.k.a Zigoo from Egypt, has found a serious SQL injection vulnerability in Yahoo’s website that allows an attacker to remotely execute any commands on its server with Root Privileges.According to Hegazy blog post, the SQLi vulnerability resides in a domain of Yahoo! website i.e. http://innovationjockeys.net/tictac_chk_req.php.