Hi,
During my search in Yahoo I found this SQLI vulnerability in Yahoo Advertising website:

https://adspecs.yahoo.com

The vulnerability was in the following path:

http://adspecs.yahoo.com/properties/[Inject-Here]

See the following POC video using sculptor app:

Thanks,
Mohamed Maati
@MSM_1st
www.sculptordev.com