A cyber security expert and penetration tester,a.k.a Zigoo from Egypt, has found a serious SQL injection vulnerability in Yahoo! website that allows an attacker to remotely execute any commands on its server with Root Privileges. Yahoo! has fixed the flaw within a day after Hegazy reported the flaw to Yahoo! Security Team. But, strange part is that the purple company didn’t considered this vulnerability for a reward, as the vulnerable domain is out-of-scope of Yahoo!’s bug bounty program.
Source: https://thehackernews.com/2014/09/yahoo-quickly-fixes-sql-injection_19.html