[<prev] [next>] [day] [month] [year] [list]
Message-ID: <AANLkTil3CCyGX973leA5r-Y8_W9fj4_28NBjTj2oICCl@mail.gmail.com>
Date: Tue, 22 Jun 2010 22:23:08 +0530
From: information security <informationhacker08@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Fw: Re: yahoomail dom based xss vulnerability
yes pratul it was working on 13th june :)
>
>
> --- On *Wed, 16/6/10, Vipul Agarwal <vipul@...tygeeks.com>* wrote:
>
>
> From: Vipul Agarwal <vipul@...tygeeks.com>
> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
> To: "pratul agrawal" <pratulag@...oo.com>
> Cc: full-disclosure@...ts.grok.org.uk
> Date: Wednesday, 16 June, 2010, 5:29 AM
>
> Hello Pratul!
>
> I'm sure that the flaw was working on 13th June when you disclosed it on
> the list.
> But its not working today and input is being filtered. Please check it out.
>
>
> On Wed, Jun 16, 2010 at 9:49 AM, pratul agrawal <pratulag@...oo.com<http://mc/compose?to=pratulag@yahoo.com>
> > wrote:
>
>> Thanks Brother,
>>
>> See, how this occurred, Basically in most of the
>> cases Developers Simply design a APIs and when the client request for any
>> page this APIs gets Stored in the Client side. its main task is to takes the
>> user input and shows the result immediately to the client without sending
>> request to the server. so when this type of APIs is vulnerable to XSS this
>> is called the DOM based XSS.
>>
>> Now in this case, when we click on [New Folder] for creating any new
>> folder and provide any javascript, it directly took by the API stored in the
>> client side when the inbox page is load in the client side in yahoomail, and
>> get reflected.
>>
>> that's all the story Bro, hope you understand what i really want to say.
>>
>> Thanks,
>> Pratul Agrawal
>>
>> --- On *Tue, 15/6/10, Benji <me@...ji.com<http://mc/compose?to=me@b3nji.com>
>> >* wrote:
>>
>>
>> From: Benji <me@...ji.com <http://mc/compose?to=me@b3nji.com>>
>>
>> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
>> To: "pratul agrawal" <pratulag@...oo.com<http://mc/compose?to=pratulag@yahoo.com>
>> >
>> Cc: "skg102@...il.com <http://mc/compose?to=skg102@gmail.com>" <
>> skg102@...il.com <http://mc/compose?to=skg102@gmail.com>>, "
>> full-disclosure@...ts.grok.org.uk<http://mc/compose?to=full-disclosure@lists.grok.org.uk>"
>> <full-disclosure@...ts.grok.org.uk<http://mc/compose?to=full-disclosure@lists.grok.org.uk>>,
>> "security@...oo.com <http://mc/compose?to=security@yahoo.com>" <
>> security@...oo.com <http://mc/compose?to=security@yahoo.com>>, "
>> info@...t-in.org.in <http://mc/compose?to=info@cert-in.org.in>" <
>> info@...t-in.org.in <http://mc/compose?to=info@cert-in.org.in>>
>> Date: Tuesday, 15 June, 2010, 9:57 AM
>>
>>
>> Sup bro
>>
>> I waz checkin owt ur javascriptz skriptz and waz wonderin if u cud explain
>> how diz shiz werks.
>>
>> Peaze.
>>
>> Sent from my iPhone
>>
>> On 15 Jun 2010, at 09:18, pratul agrawal <pratulag@...oo.com<http://mc/compose?to=pratulag@yahoo.com>>
>> wrote:
>>
>> Its working Bro. I think u had done some mistakes so u try it again with
>> check that javascript execution feature is enable in your browser. and bro
>> for execution of script it is must to use proper syntax that contain special
>> characters. just put "><script>alert(123)<script> in the New Folderfield comes in the
>> Move button and you will saw a pop up message with 123 reflected.
>>
>> Have a nice time bro,
>> Pratul Agrawal
>>
>> --- On *Tue, 15/6/10, ㅤ ㅤRockey <skg102@...il.com<http://mc/compose?to=skg102@gmail.com>
>> >* wrote:
>>
>>
>> From: ㅤ ㅤRockey <skg102@...il.com <http://mc/compose?to=skg102@gmail.com>
>> >
>> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
>> To:
>> Cc: full-disclosure@...ts.grok.org.uk<http://mc/compose?to=full-disclosure@lists.grok.org.uk>,
>> security@...oo.com <http://mc/compose?to=security@yahoo.com>,
>> info@...t-in.org.in <http://mc/compose?to=info@cert-in.org.in>
>> Date: Tuesday, 15 June, 2010, 5:10 AM
>>
>>
>> Tried reproducing on yahoo mail
>> both on the classic and new one . Error message i got in both cases were
>>
>> "Sorry, but your folder name has prohibited characters (please use
>> letters, numbers, dashes, and underscores). Please fix it and try again."
>>
>> Cheers,
>> Rockey
>>
>> --
>> It's all about Hacking and Security
>>
>> http://h4ck3r.in/
>>
>>
>> -----Inline Attachment Follows-----
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
> --
> Thanks and Regards,
> Vipul Agarwal
>
>
>
>
>
> --
> Asheesh (Anaconda)
> ------------------------------------------------------
> [Web] http://www.asheesh2000.co.nr
> [Blog] http://asheesh2000.blogspot.com/
> [twitter]http://twitter.com/akmanit2000
> "attaining one hundred victories in one hundred battles is not the pinnacle
> of excellence. Subjugating the enemy's army without fighting is the true
> pinnacle of excellence."."
>
>
>
> "The future is not some place we are going to, but one we are creating. The
> paths are not to be found, but made, and the activity of making them,
> changes both the maker and the destination."
> ------------------------------------------------------
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists