Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [Argeniss] Alert - Yahoo! Webmail XSS
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Tue, 18 Apr 2006 14:23:06 +0100

Morning Wood wrote:
reflecting on this...

the offending url you give is http://w00tynetwork.com/x/
which contains a fake yahoo login ( for webmail )
(( and other exploits embedded within the site ))


you state this is a Yahoo Email vulnerability.

stop me if im wrong...
why would anyone be vulnerable to a Yahoo login redirect phish, if in
fact they are already logged in to read the mail in the first place.

  Dunno about anyone else, but I have occasionally found that Yahoo has a 
bad habit of forgetting I'm authenticated and continually requiring me to 
relogin even in one continuous session.

i can appriciate the possibility of XSS within the Yahoo webmail
interface, just not
with this particular redirect code ( or site url ) you provide.

XSS could be more effectivly used to leverage a browser exploit,
rather than ( trying to )
steal your credentals ala phishing

  Well, maybe they were hoping to be able to read his mail stealthily later 
on, while he wasn't logged in?  If you want to steal the entire contents of 
someones mailbox, you don't really want to use an XSS to automatically 
forward all the mail to somewhere you can get it, since that amount of 
scripting would likely take a noticeable amount of time and transactions 
with yahoo's servers to run and the slow responsiveness of the browser might 
give a clue that something was going on; a better way is just to get their 
password and then login sometime when they're not online or perhaps use the 
pw with POP/IMAP to snarf down the entire lot.

  Or perhaps they were hoping that he uses the same pw in lots of places?


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault