| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20051124224142.85640.qmail@web53014.mail.yahoo.com> Date: Thu, 24 Nov 2005 22:41:42 +0000 (GMT) From: Richard Fuchshuber <richardfuch@...oo.com.br> To: Will Wesley <willwesleyccna@...oo.de>, bugtraq@...urityfocus.com Subject: RE: XSS on Yahoo Mail Hi, --- Will Wesley <willwesleyccna@...oo.de> escreveu: > This is not exactly a problem with Yahoo!, but rather > a problem with the way browsers tend to render HTML > when forced to deal with broken tags. Your "<? > <table....> is not needed to accomplish the same > thing, since a browser will consider everything from < > to the next > as a tag. Since <? is not recognized the > whole thing is ignored. > > The real problem is that you are injecting a TR > element into the middle of a TD, then closing the > table without first closing the TD. Any web developer > who would do such a thing is a moron, and your browser > does the best it can to make sense of it. You might > try asking Yahoo how to turn HTML off, or simply use > POP with a text only reader to work around this. It isn't necessary to close the table, you just need the <tr></tr> part (I had not noticed this before your mail). You can also use other tags to get different results. Anyway, I think that to prevent injection of HTML code into Yahoo! Mail interface something should be done, since it could be used to fool users. Cheers, Richard _______________________________________________________ Yahoo! Acesso Grátis: Internet rápida e grátis. Instale o discador agora! http://br.acesso.yahoo.com/
Powered by blists - more mailing lists