lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 16 Jun 2010 15:42:26 -0700
From: ㅤ ㅤRockey <skg102@...il.com>
To: Vipul Agarwal <vipul@...tygeeks.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: yahoomail dom based xss vulnerability

Thanks for your information pratul

I do know about DOM and XSS, I wasn't able to reproduce this bug on my end
that's why i requested you to post video on that.

I do agree with vipul that this is not working, and I checked this bug twice
already so i am quite sure about it that this flaw isn't working on
yahoomail. If in case this works then please come up with a POC video :)

Looking forward for your response :)

Cheers,
Rockey

On Tue, Jun 15, 2010 at 10:29 PM, Vipul Agarwal <vipul@...tygeeks.com>wrote:

> Hello Pratul!
>
> I'm sure that the flaw was working on 13th June when you disclosed it on
> the list.
> But its not working today and input is being filtered. Please check it out.
>
>
>
> On Wed, Jun 16, 2010 at 9:49 AM, pratul agrawal <pratulag@...oo.com>wrote:
>
>> Thanks Brother,
>>
>>                       See, how this occurred, Basically in most of the
>> cases Developers  Simply design a APIs and when the client request for any
>> page this APIs gets Stored in the Client side. its main task is to takes the
>> user input and shows the result immediately  to the client without sending
>> request to the server. so when this type of APIs is vulnerable to XSS this
>> is called the DOM based XSS.
>>
>> Now in this case, when we click on [New Folder] for creating any new
>> folder and provide any javascript, it directly took by the API stored in the
>> client side when the inbox page is load in the client side in yahoomail, and
>> get reflected.
>>
>> that's all the story Bro, hope you understand what i really want to say.
>>
>> Thanks,
>> Pratul Agrawal
>>
>> --- On *Tue, 15/6/10, Benji <me@...ji.com>* wrote:
>>
>>
>> From: Benji <me@...ji.com>
>>
>> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
>> To: "pratul agrawal" <pratulag@...oo.com>
>> Cc: "skg102@...il.com" <skg102@...il.com>, "
>> full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>, "
>> security@...oo.com" <security@...oo.com>, "info@...t-in.org.in" <
>> info@...t-in.org.in>
>> Date: Tuesday, 15 June, 2010, 9:57 AM
>>
>>
>> Sup bro
>>
>> I waz checkin owt ur javascriptz skriptz and waz wonderin if u cud explain
>> how diz shiz werks.
>>
>> Peaze.
>>
>> Sent from my iPhone
>>
>> On 15 Jun 2010, at 09:18, pratul agrawal <pratulag@...oo.com<http://mc/compose?to=pratulag@yahoo.com>>
>> wrote:
>>
>> Its working Bro.  I think u had done some mistakes so u try it again with
>> check that javascript execution feature is enable in your browser. and bro
>> for execution of script it is must to use proper syntax that contain special
>> characters. just put "><script>alert(123)<script>  in the New Folderfield comes in the
>> Move button and you will saw a pop up message with 123 reflected.
>>
>> Have a nice time bro,
>> Pratul Agrawal
>>
>> --- On *Tue, 15/6/10, ㅤ ㅤRockey <skg102@...il.com<http://mc/compose?to=skg102@gmail.com>
>> >* wrote:
>>
>>
>> From: ㅤ ㅤRockey <skg102@...il.com <http://mc/compose?to=skg102@gmail.com>
>> >
>> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
>> To:
>> Cc: full-disclosure@...ts.grok.org.uk<http://mc/compose?to=full-disclosure@lists.grok.org.uk>,
>> security@...oo.com <http://mc/compose?to=security@yahoo.com>,
>> <http://mc/compose?to=info@cert-in.org.in>info@...t-in.org.in<http://mc/compose?to=info@cert-in.org.in>
>> Date: Tuesday, 15 June, 2010, 5:10 AM
>>
>>
>> Tried reproducing on yahoo mail
>> both on the classic and new one . Error message i got in both cases were
>>
>> "Sorry, but your folder name has prohibited characters (please use
>> letters, numbers, dashes, and underscores). Please fix it and try again."
>>
>> Cheers,
>> Rockey
>>
>> --
>> It's all about Hacking and Security
>>
>> <http://h4ck3r.in/>http://h4ck3r.in/
>>
>>
>> -----Inline Attachment Follows-----
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: <http://lists.grok.org.uk/full-disclosure-charter.html>
>> http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - <http://secunia.com/>
>> http://secunia.com/
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: <http://lists.grok.org.uk/full-disclosure-charter.html>
>> http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - <http://secunia.com/>
>> http://secunia.com/
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
> --
> Thanks and Regards,
> Vipul Agarwal
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
It's all about Hacking and Security

http://h4ck3r.in/

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ