lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <965343.87405.qm@web46105.mail.sp1.yahoo.com>
Date: Sun, 13 Jun 2010 02:00:47 -0700 (PDT)
From: pratul agrawal <pratulag@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Yahoomail Dom Based XSS Vulnerability

Title: Yahoo mail Dom Based Cross Site Scripting

Author: Pratul Agrawal <pratulag[at]yahoo[dot]com>
Date: 13/06/2010
Indian Hacker

Service: Webmail

Vendor: Yahoo mail, and possibly others

Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks

Severity: High

Tested on: Microsoft IE 7.0

Details:

Yahoo mail filter fails to detect script attributes in combination with
the style attribute as a tag, leaving everyone using yahoo mail service
with MSIE vulnerable to Cross Site Scripting including Cookie Theft and
relogin attacks. This is a high risk security vulnerability because the
attacker wont have to make the victim click on any link, all he/she has
to do is to send the javascript code as an html email to the target and
once the victim open the email the malicious code will be executed in
his/her browser.

Impact:

This is totally a dom based xss attack. an application takes the user suplied data and directly feed it into the API designed to show the Newly created folder name n the yahoomail. Throug this an attacker can easily perform a cookie theft attack, Site defacement attack and many more.

Steps of Exploit code:

1. Login the yahoomail with valid credentials.
 
2. Click on inbox.
 
3. Now click on Move to < create New Folder.
 
4. Now enter the javascript "><script>alert('yahoo sucks!')</script> in the field given for creating new folder.
 
5. Press OK and the script get executed.  yahhhhooooo
 
HuReee hUreYYYY


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ