Date: Sun, 25 Dec 2005 18:00:29 -0000 (GMT)
Title: Yahoo mail Cross Site Scripting
Author: Simo Ben youssef aka _6mO_HaCk
Date: 22 December 2005
MorX Security Research Team
Vendor: Yahoo mail, and possibly others
Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks
Tested on: Microsoft IE 6.0
Example of Exploit code:
Switch to firefox, or disable script execution
i didnt contact yahoo, because i contacted them previously regarding a similar vulnerability, and yes they fixed it "silently" without even sending me a thank you email, frankly i didnt really appreciate that.
this entire document is for eductional, testing and demonstrating purpose only. Modification use and/or publishing this information is entirely on your OWN risk. The exploit code is to be used on your OWN email account. I cannot be held responsible for any of the above.
Yahoo is vulnerable to others similar vulnerabilites, that was just one exemple of many, demonstrating how it's easy to bypass webmail filters, for more information or details please contact me at simo_at_morx_org. merry christmas everybody and happy new year. if you like this advisory then buy me a blue motherfuc*er next saturday on Alumni club, Schaumburg, IL :D
- Posts: 155
Join date: 2012-12-05