lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: 26 Jan 2007 15:26:34 -0000
From: hainamluke@...oo.com
To: bugtraq@...urityfocus.com
Subject: Cross-site Scripting with Local Privilege Vulnerability in Yahoo
 Messenger

DESCRIPTION:
I’ve found a cross-site scripting vulnerability in Yahoo! Messenger, a popular advertisement-supported instant messaging client and protocol provided by Yahoo! Attacker can inject a malicious script with local privilege to Y!M notification message. 

The vulnerability is discovered in the chat dialog. The automatic notification message of Yahoo! Messenger, for instance “Hai Nam  Luke has signed out. (1/26/2007 10:03 PM)” or “Hai Nam Luke has signed back in. (1/26/2007 10:04 PM)” can be easily exploited with injecting a malicious script to. Script is disabled in chat messages but system notification messasage. That Yahoo Messenger uses Internet Explorer to display messages, the malicious script will be run with local privilege in the Internet Explorer Temporary Folder. This serious vulnerability could allow attacker gain the victim’s system access.

Inject unexpected script also causes other Yahoo! Messenger’s errors.

AFFECTED VERSION:
	Yahoo! Messenger 8.1.0.29 and previous versions

PROOF OF CONCEPT:
+ Firstname: Hai Nam Luke Hai Nam Luke Hai Nam Luke Hai Nam Luke … ( as long as victim cant see the lastname)
	+ Lastname:  <img src="javascript:alert('Executed from ' + top.location)" >
	+ Request to add victim ID to your contact list.
+ Once victim accepts your request, send him a message and change your online status (Available -> Invisible)

This vulnerability was reported to Yahoo!

Hai Nam Luke <hainamluke@...oo.com>
K46A - NEU

Powered by blists - more mailing lists