| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Apr 17 22:23:35 2006 From: lolirt at gmail.com (Response Team) Subject: [Argeniss] Alert - Yahoo! Webmail XSS www.w00tynetwork.com is trying to sell CC cashing services, and www.w00tynetwork.com/news.htm is using the CreateTextRange(); exploit. > On 4/17/06, Morning Wood <se_cur_ity@...mail.com> wrote: > > > > > exploit creates a frameset and redirects to > > > http://w00tynetwork.com/x/ ,it's interesting that the > > > > redirects to http://211.22.14.50/.yahoomail/x.htm and spoofs a Yahoo > > login > > page. > > upon entering credentals, the site redirects back to > > http://mail.yahoo.com > > so it simply looks like a bad login. > > > > 211.22.14.50 = www.gbigift.com.tw > > > > cheers, > > mw > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060417/61ce087f/attachment.html
Powered by blists - more mailing lists