This document discusses a Yahoo zero-day vulnerability from a code point of view. It covers bug bounty programs, remote code execution vulnerabilities like those using eval(), and provides a live example tool called WebPwn3r and demo videos. The document is authored by Ebrahim Hegazy, a cyber security analyst at Q-CERT, and is published on April 12, 2014 by the OWASP Foundation under an open license.