Cyber security expert Ebrahim Hegazy has found a Remote Code Execution vulnerability in a Yahoo server hosting numerous sub-domains. The hacker found the vulnerability at the link that refers to a Yahoo! server which hosts numerous subdomains of the company. The payload used to exploit the flaw was Whoami$ { @print ( system ( whoami)) and System(id) or any other PHP function/code”]
Source: http://securityaffairs.co/wordpress/21631/hacking/remote-command-execution-yahoo.html