Full Disclosure mailing list archives
Yahoomail Dom Based XSS Vulnerability
From: pratul agrawal <pratulag () yahoo com>
Date: Sun, 13 Jun 2010 02:00:47 -0700 (PDT)
Title: Yahoo mail Dom Based Cross Site Scripting Author: Pratul Agrawal <pratulag[at]yahoo[dot]com> Date: 13/06/2010 Indian Hacker Service: Webmail Vendor: Yahoo mail, and possibly others Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks Severity: High Tested on: Microsoft IE 7.0 Details: Yahoo mail filter fails to detect script attributes in combination with the style attribute as a tag, leaving everyone using yahoo mail service with MSIE vulnerable to Cross Site Scripting including Cookie Theft and relogin attacks. This is a high risk security vulnerability because the attacker wont have to make the victim click on any link, all he/she has to do is to send the javascript code as an html email to the target and once the victim open the email the malicious code will be executed in his/her browser. Impact: This is totally a dom based xss attack. an application takes the user suplied data and directly feed it into the API designed to show the Newly created folder name n the yahoomail. Throug this an attacker can easily perform a cookie theft attack, Site defacement attack and many more. Steps of Exploit code: 1. Login the yahoomail with valid credentials. 2. Click on inbox. 3. Now click on Move to < create New Folder. 4. Now enter the javascript "><script>alert('yahoo sucks!')</script> in the field given for creating new folder. 5. Press OK and the script get executed. yahhhhooooo HuReee hUreYYYY
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Yahoomail Dom Based XSS Vulnerability pratul agrawal (Jun 13)
- <Possible follow-ups>
- yahoomail dom based xss vulnerability pratul agrawal (Jun 14)
- Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 14)
- Re: yahoomail dom based xss vulnerability pratul agrawal (Jun 15)
- Re: yahoomail dom based xss vulnerability Benji (Jun 15)
- Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 15)
- Re: yahoomail dom based xss vulnerability pratul agrawal (Jun 15)
- Re: yahoomail dom based xss vulnerability Vipul Agarwal (Jun 16)
- Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 16)
- Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 14)