Vulnerability Development mailing list archives
Re: Yahoo Messenger 7.0.0.438 Crash Tested
From: Fatal_Error () gmx be
Date: 22 Jun 2006 15:48:08 -0000
It seems that any number of alternative strings will work as well: example: "msg:_________________________________________iframe onload=$InlineAction()>:)" without quotes works as well. [, -, ^, {, [alt-0160]'s all seem to work as well Is there a cross scripting vulnerability as well? Inserting script commands brings up an odd Script Error screen and a file name.
Current thread:
- Yahoo Messenger 7.0.0.438 Crash Tested Ivancool2003 (Jun 14)
- <Possible follow-ups>
- Re: Yahoo Messenger 7.0.0.438 Crash Tested Ivancool2003 (Jun 19)
- Re: Yahoo Messenger 7.0.0.438 Crash Tested Fatal_Error (Jun 22)