Yahoo Local Launches in India - Easily Hackable
Yahoo has launched its local search in India this week, in four major cities: Delhi, Mumbai, Bangalore and Chennai. The local search in India works very much like the local search in the U.S. To be honest, I don't use Yahoo Local - I've been more of a Yelp'er or lately also searching via address using Google Maps. Though playing with Yahoo Local this morning, it's pretty robust. I like how it aggregates reviews from across the Web in addition to those from Yahoo Local, offers an interactive map and a variety of alternative suggestions for other topics in the location I am in. I don't see anything very innovative; the information is just presented in a very usable format.
On a more serious note, it appears that Yahoo Local India is easily hackable: by injecting script code into a review, you can do basically anything from that point. Sridhar was able to create an iframe with Google in the body (see the screenshot below). He also notes that anything way more malicious could also be injected.
I tested this hack on the U.S. version of Yahoo Local and was unable to reproduce the security issue. When I entered any script code and clicked submit, the system removed the code within the script tags and prompted me to add more content.
I have submitted a ticket to Yahoo to get them to fix this.
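
The two behaviours described above, as an added example that is not part of the original post and is not Yahoo's code: it compares deleting `<script>` blocks from a submitted review with HTML-encoding the review when it is rendered, on constructed input that includes an iframe like the one in Sridhar's report. The function names, the filter regex and the `<p class="review">` template are assumptions.

```javascript
// Added example: hypothetical review-handling helpers, not Yahoo's code.

// Approach 1 (assumed filter): delete <script>...</script> blocks on submit.
function stripScriptTags(input) {
  return input.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '');
}

// Approach 2: HTML-encode every character that can start markup or break
// out of an attribute, so a review is always rendered as plain text.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a review body into the page (hypothetical template).
function renderReview(text) {
  return '<p class="review">' + escapeHtml(text) + '</p>';
}

// True if the string still contains something a browser would parse as a tag.
function containsMarkup(html) {
  return /<[a-z!\/]/i.test(html);
}

// Constructed sample submissions.
const samples = [
  'Great dosa, quick service & fair prices.',
  'Nice place <script>alert(1)</script>',
  'Nice place <iframe src="https://www.google.com"></iframe>',
];

// For each submission, report whether live markup survives each approach.
function audit(inputs) {
  return inputs.map((text) => ({
    text,
    markupAfterStrip: containsMarkup(stripScriptTags(text)),
    markupAfterEscape: containsMarkup(escapeHtml(text)),
  }));
}

console.table(audit(samples));
```

The iframe row is the one to watch: it passes through the script-tag filter untouched, while encoding at output leaves no parseable tag in any row.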











Allen - did you try the hack that Sridhar mentioned? Should have tried before writing this review, since
a. the so-called hack only works if you have Firebug - it's the plugin which is executing the code! (and not Yahoo!)
b. the code is not executed - so you can't do anything with that.
Before you guys start taking words from stupid hackers, better try out the hack yourself (and maybe publish your own screenshot to ensure that you were able to "hack" it, the way Sridhar mentioned!)
Now, local search is exactly what India really needs. This idea is cool and is very user friendly...