Ebrahim discovered a flaw in the Yahoo service that allows SQL injection.

states Ebrahim in the blog post.

Inspecting the uploading request, the expert discovered the cause of the problem in the Content-Type header!

Yahoo service SQL Injection vulnerability allows Remote Code Execution

Renaming the Content-Type header to app/php solved the problem.

Ebrahim submitted the proof of concept to Yahoo, and Yahoo patched the vulnerability.


source: www.techworm.net