Yahoo webmail 1-day cookie stealing POC

["php0t" <very () unprivate com>]

  Found a new javascript escape for yahoo webmail, works with explorer,
cookie stealing can begin yet again.
You must give a correct source address to be able to get a cookie. Do
not abuse, thx.

Proof-of-concept (kind-of):

http://zmailhost.ath.cx/

php0t
www.zorro.hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/