lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <C9A5887EEBAB4FE4A51F5FB118A2BBC9@minhbqPC>
Date: Tue, 6 Jan 2009 11:52:15 +0700
From: "SVRT-Bkis" <svrt@...v.com.vn>
To: <full-disclosure@...ts.grok.org.uk>,
	<bugtraq@...urityfocus.com>
Subject: [SVRT-01-09] Redirection Vulnerability in Yahoo!
	Advertising Service

[SVRT-01-09] Redirection Vulnerability in Yahoo! Advertising Service

1. General Information
On December 22, 2008, SVRT-BKIS found a vulnerability in Yahoo! Wap Service. 
This is the second vulnerability discovered by BKIS in cell phone Web 
platform, the first one was found in Google Wap Proxy.

Taking advantage of this flaw, hackers can perform redirection attack, which 
means they are able to send users to their malicious websites. We have 
notified Yahoo! of this vulnerability.

Details : http://security.bkis.vn/?p=324
SVRT Advisory : SVRT-01-09
Initial vendor notification : 12-23-2008
Release Date : 01-06-2009
Update Date : 01-06-2009
Discovered by : Dau Huy Ngoc - SVRT-Bkis
Attack Type : Redirection
Security Rating : High
Impact : Phishing
Affected Software : Ads image at http://m.yahoo.com

2. Technical Description
The flaw lies in the advertising section of Yahoo! Wap Service, which allows 
displaying advertisements when users visit Yahoo! Wap address 
http://m.yahoo.com.

More specifically, this advertising section includes a link with the 
following format and it is this link that contains the flaw.
http://us.ard.yahoo.com/SIG=17a4cd16v...=12etp7f3d/*[http://ads_image]

Note: this link may be expired after several days; you can recreate a new 
link following these steps:
        o Open http://m.yahoo.com
        o At the top of the page, get link of advertising image (here is 
precisely vulnerable link).
        o Edit this link by replacing URL after "/*" to an arbitrary 
address.
        o Open the edited link with your browser to see the redirection of 
this vulnerability.

If users clink directly on this link, their browsers will automatically 
redirect them to the address [http://anh_quang_cao] and everything on that 
site can be accessed, which makes it a Redirection vulnerability.

In order to exploit, hackers only need to change the address 
[http://ads_image] in the previous link to their website address and send 
the link to users. As this link uses Yahoo! domain name, users easily think 
it is safe and if the destination website contains malicious code or 
cheating content, hacker can steal users' sensitive information or even take 
control of their computers remotely.

3. Solution
Rating this vulnerability high severity, Bkis recommends that users:
-       Be cautious with strange links, even links starting with domain 
names of well-known companies like Google, Yahoo!, and Microsoft.
-       Do not access links starting with http://us.ard.yahoo.com.

Credits
Thanks to Dau Huy Ngoc for working together with us in the detection and 
alert process of this vulnerability.


SVRT-Bkis
 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ