| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Jun 2010 21:50:33 -0700 (PDT)
From: pratul agrawal <pratulag@...oo.com>
To: security@...oo.com
Cc: full-disclosure@...ts.grok.org.uk, info@...t-in.org.in
Subject: yahoomail dom based xss vulnerability
Yahoo mail Dom Based Cross Site
Scripting
Founder: Pratul Agrawal <pratulag[at]yahoo[dot]com>
DescriptionService: Webmail
Vendor: Yahoo mail, and possibly others
Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks
Severity: High
Tested on: Microsoft IE 7.0
Details:
Yahoo mail filter fails to detect script attributes in combination with
the style attribute as a tag, leaving everyone using yahoo mail service
with MSIE vulnerable to Cross Site Scripting including Cookie Theft and
relogin attacks.
Impact:
This is totally a dom based xss attack. an application takes the user
suplied data and directly feed it into the API designed to show the
Newly created folder name n the yahoomail. Throug this an attacker can
easily perform a cookie theft attack, Site defacement attack and many
more.Steps To
Reproduce1. Login the yahoomail with
valid credentials.
2. Click on inbox.
3. Now click on Move < [New Folder].
4. Now enter the javascript "><script>alert('yahoo')</script> in the field given for creating new folder.
5. Press OK and the script get executed. yahhhhooooo
Best Regards,
Pratul Agrawal
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists