Cyber Security Expert and Penetration tester, Ebrahim Hegazy has found a serious vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on the server i.e. Remote Command Execution vulnerability.
<!-- adsense -->
According to Ebrahim blog post, the vulnerability resides in a Chinese subdomin of Yahoo website i.e. http://tw.user.mall.yahoo.com/rating/list?