mailing list archives
yahoomail dom based xss vulnerability
From: pratul agrawal <pratulag () yahoo com>
Date: Mon, 14 Jun 2010 21:50:33 -0700 (PDT)
Yahoo mail Dom Based Cross Site
Founder: Pratul Agrawal <pratulag[at]yahoo[dot]com>
Vendor: Yahoo mail, and possibly others
Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks
Tested on: Microsoft IE 7.0
Yahoo mail filter fails to detect script attributes in combination with
the style attribute as a tag, leaving everyone using yahoo mail service
with MSIE vulnerable to Cross Site Scripting including Cookie Theft and
This is totally a dom based xss attack. an application takes the user
suplied data and directly feed it into the API designed to show the
Newly created folder name n the yahoomail. Throug this an attacker can
easily perform a cookie theft attack, Site defacement attack and many
Reproduce1. Login the yahoomail with
2. Click on inbox.
3. Now click on Move < [New Folder].
5. Press OK and the script get executed. yahhhhooooo
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: yahoomail dom based xss vulnerability Chris Evans (Jun 29)
Re: Fw: Re: yahoomail dom based xss vulnerability information security (Jun 22)