Log in
Latest topics
Top posting users this week
| No user |
Nimbuzz id Maker
Yahoo mail Cross Site Scripting vulnerability
Page 1 of 1
Yahoo mail Cross Site Scripting vulnerability
storm Thu Sep 12, 2013 10:55 am
From: simo_at_morx.org
Date: Sun, 25 Dec 2005 18:00:29 -0000 (GMT)
Title: Yahoo mail Cross Site Scripting
Author: Simo Ben youssef aka _6mO_HaCk
Date: 22 December 2005
MorX Security Research Team
http://www.morx.org
Service: Webmail
Vendor: Yahoo mail, and possibly others
Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks
Severity: High
Tested on: Microsoft IE 6.0
Details:
Yahoo mail filter fails to detect script attributes in combination with the style attribute as a tag, leaving everyone using yahoo mail service with MSIE vulnerable to Cross Site Scripting including Cookie Theft and relogin attacks. This is a high risk security vulnerability because the attacker wont have to make the victim click on any link, all he/she has to do is to send the javascript code as an html email to the target and once the victim open the email the malicious code will be executed in his/her browser.
Impact:
an attacker can send the infiltred code as an html email to a yahoo mail user with MSIE. Once the victim open the malicious email the javascript content will be executed in the the target browser. This will allow user's session cookie theft, giving the attacker access to the victim mail box for about 24 hours (until the cookie expires) and also other types of attacks like reloging.
Example of Exploit code:
Screen captures:
www.morx.org/yahoo-cookie.JPG
www.morx.org/yahoo-cookie1.JPG
Solution:
Switch to firefox, or disable script execution
Vendor-status:
i didnt contact yahoo, because i contacted them previously regarding a similar vulnerability, and yes they fixed it "silently" without even sending me a thank you email, frankly i didnt really appreciate that.
Disclaimer:
this entire document is for eductional, testing and demonstrating purpose only. Modification use and/or publishing this information is entirely on your OWN risk. The exploit code is to be used on your OWN email account. I cannot be held responsible for any of the above.
Note:
Yahoo is vulnerable to others similar vulnerabilites, that was just one exemple of many, demonstrating how it's easy to bypass webmail filters, for more information or details please contact me at simo_at_morx_org. merry christmas everybody and happy new year. if you like this advisory then buy me a blue motherfuc*er next saturday on Alumni club, Schaumburg, IL :D
Date: Sun, 25 Dec 2005 18:00:29 -0000 (GMT)
Title: Yahoo mail Cross Site Scripting
Author: Simo Ben youssef aka _6mO_HaCk
Date: 22 December 2005
MorX Security Research Team
http://www.morx.org
Service: Webmail
Vendor: Yahoo mail, and possibly others
Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks
Severity: High
Tested on: Microsoft IE 6.0
Details:
Yahoo mail filter fails to detect script attributes in combination with the style attribute as a tag, leaving everyone using yahoo mail service with MSIE vulnerable to Cross Site Scripting including Cookie Theft and relogin attacks. This is a high risk security vulnerability because the attacker wont have to make the victim click on any link, all he/she has to do is to send the javascript code as an html email to the target and once the victim open the email the malicious code will be executed in his/her browser.
Impact:
an attacker can send the infiltred code as an html email to a yahoo mail user with MSIE. Once the victim open the malicious email the javascript content will be executed in the the target browser. This will allow user's session cookie theft, giving the attacker access to the victim mail box for about 24 hours (until the cookie expires) and also other types of attacks like reloging.
Example of Exploit code:
Screen captures:
www.morx.org/yahoo-cookie.JPG
www.morx.org/yahoo-cookie1.JPG
Solution:
Switch to firefox, or disable script execution
Vendor-status:
i didnt contact yahoo, because i contacted them previously regarding a similar vulnerability, and yes they fixed it "silently" without even sending me a thank you email, frankly i didnt really appreciate that.
Disclaimer:
this entire document is for eductional, testing and demonstrating purpose only. Modification use and/or publishing this information is entirely on your OWN risk. The exploit code is to be used on your OWN email account. I cannot be held responsible for any of the above.
Note:
Yahoo is vulnerable to others similar vulnerabilites, that was just one exemple of many, demonstrating how it's easy to bypass webmail filters, for more information or details please contact me at simo_at_morx_org. merry christmas everybody and happy new year. if you like this advisory then buy me a blue motherfuc*er next saturday on Alumni club, Schaumburg, IL :D
storm- Member
- Posts : 155
Points : 458
Reputation : 1
Join date : 2012-12-05
Similar topics» NetDevilz Vulnerability Scanner
» What is HTTP Header Injection Vulnerability
» Sql injection using Sqlmap, backTRack tool , Testing on a shop site
» [B]Mail ICQ Parser
» [B]Mail ICQ Parser
» What is HTTP Header Injection Vulnerability
» Sql injection using Sqlmap, backTRack tool , Testing on a shop site
» [B]Mail ICQ Parser
» [B]Mail ICQ Parser
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
» Mobile Server Available 24/7 Online Service Feel Free For Use
» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU