Full Disclosure mailing list archives
yahoomail dom based xss vulnerability
From: pratul agrawal <pratulag () yahoo com>
Date: Mon, 14 Jun 2010 21:50:33 -0700 (PDT)
Yahoo mail Dom Based Cross Site Scripting Founder: Pratul Agrawal <pratulag[at]yahoo[dot]com> DescriptionService: Webmail Vendor: Yahoo mail, and possibly others Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks Severity: High Tested on: Microsoft IE 7.0 Details: Yahoo mail filter fails to detect script attributes in combination with the style attribute as a tag, leaving everyone using yahoo mail service with MSIE vulnerable to Cross Site Scripting including Cookie Theft and relogin attacks. Impact: This is totally a dom based xss attack. an application takes the user suplied data and directly feed it into the API designed to show the Newly created folder name n the yahoomail. Throug this an attacker can easily perform a cookie theft attack, Site defacement attack and many more.Steps To Reproduce1. Login the yahoomail with valid credentials. 2. Click on inbox. 3. Now click on Move < [New Folder]. 4. Now enter the javascript "><script>alert('yahoo')</script> in the field given for creating new folder. 5. Press OK and the script get executed. yahhhhooooo Best Regards, Pratul Agrawal
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Yahoomail Dom Based XSS Vulnerability pratul agrawal (Jun 13)
- <Possible follow-ups>
- yahoomail dom based xss vulnerability pratul agrawal (Jun 14)
- Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 14)
- Re: yahoomail dom based xss vulnerability pratul agrawal (Jun 15)
- Re: yahoomail dom based xss vulnerability Benji (Jun 15)
- Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 15)
- Re: yahoomail dom based xss vulnerability pratul agrawal (Jun 15)
- Re: yahoomail dom based xss vulnerability Vipul Agarwal (Jun 16)
- Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 16)
- Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 14)