Full Disclosure mailing list archives

Re: Yahoo XSS


From: "Berend-Jan Wever" <SkyLined () edup tudelft nl>
Date: Tue, 8 Jul 2003 16:37:51 +0200

XSS bugs in webpages are so yesterday... I spent one day searching for XSS
holes about a year ago and there was not one site that wasn't vulnerable in
one way or another. (Real Player, Adobe, Napster, Altavista, Yahoo,
Netscape, Ebay, Amazon, Redhat, Microsoft, Google, Cnet, Anonymizer, Lycos,
...) Most of these are still not fixed, even though I reported them all.
More interesting of course are XSS bugs in yahoo webmail:
[SCRIPT][STYLE]*{width:expression(alert("whoops"))}[/STYLE][/SCRIPT]
Put that in HTML mail to a yahoo user and you've got yourself another vector
for mass-mailing worms. I already wrote a PoC mass-mailing worm in jscript
for hotmail, since they've had XSS issues in the past too. Hotmail is one of
the very few sites that took these vulnerabilities seriously and fixed them
within a few hours. Even though their virus scanning partner, McAfee, was
unreachable when I wanted to show them their scanners didn't detect my
jscript worm.

Cheers!

SkyLined


----- Original Message ----- 
From: "morning_wood" <se_cur_ity () hotmail com>
To: <full-disclosure () lists netsys com>; "0day" <0day () nothackers org>
Sent: Tuesday, July 08, 2003 6:53
Subject: [Full-disclosure] Yahoo XSS


Interesting...


http://search.yahoo.com/search?p=%3Cscript%3Ealert%28%22You+are+vunerable+to+xss+-+discovered+by+morning_wood+http%3A%2F%2Fexploitlabs.com%22%29%3C%2Fscript%3E&ei=UTF-8&fr=msgr-buddy&vm=i&n=20&fl=0&x=wrt


morning_wood
http://exploitlabs.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

