lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <144100.40024.qm@web46104.mail.sp1.yahoo.com>
Date: Mon, 14 Jun 2010 21:50:33 -0700 (PDT)
From: pratul agrawal <pratulag@...oo.com>
To: security@...oo.com
Cc: full-disclosure@...ts.grok.org.uk, info@...t-in.org.in
Subject: yahoomail dom based xss vulnerability

Yahoo mail Dom Based Cross Site 
Scripting

                     Founder: Pratul Agrawal <pratulag[at]yahoo[dot]com>
DescriptionService: Webmail



Vendor: Yahoo mail, and possibly others



Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks



Severity: High



Tested on: Microsoft IE 7.0



Details:



Yahoo mail filter fails to detect script attributes in combination with

the style attribute as a tag, leaving everyone using yahoo mail service

with MSIE vulnerable to Cross Site Scripting including Cookie Theft and

relogin attacks.



Impact:



This is totally a dom based xss attack. an application takes the user 
suplied data and directly feed it into the API designed to show the 
Newly created folder name n the yahoomail. Throug this an attacker can 
easily perform a cookie theft attack, Site defacement attack and many 
more.Steps To 
Reproduce1. Login the yahoomail with 
valid credentials.

 

2. Click on inbox.

 

3. Now click on Move < [New Folder].

 

4. Now enter the javascript "><script>alert('yahoo')</script> in the field given for creating new folder.

 

5. Press OK and the script get executed.  yahhhhooooo
Best Regards,
Pratul Agrawal



Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ