Full Disclosure: Re: yahoomail dom based xss vulnerability

Nmap Security Scanner
- Intro
- Ref Guide
- Install Guide
- Download
- Changelog
- Book
- Docs
Security Lists
- Nmap Hackers
- Nmap Dev
- Bugtraq
- Full Disclosure
- Pen Test
- Basics
- More
Security Tools
Site News
Advertising
About/Contact
Sponsors:

Re: yahoomail dom based xss vulnerability

From: Benji <me () b3nji com>
Date: Tue, 15 Jun 2010 10:57:58 +0100

Sup bro

I waz checkin owt ur javascriptz skriptz and waz wonderin if u cudexplain how diz shiz werks.


Peaze.

Sent from my iPhone

On 15 Jun 2010, at 09:18, pratul agrawal <pratulag () yahoo com> wrote:

Its working Bro. I think u had done some mistakes so u try it againwith check that javascript execution feature is enable in yourbrowser. and bro for execution of script it is must to use propersyntax that contain special characters. just put "><script>alert(123)<script> in the New Folder field comes in the Move button and youwill saw a pop up message with 123 reflected.
Have a nice time bro,
Pratul Agrawal

--- On Tue, 15/6/10, ㅤ ㅤRockey <skg102 () gmail com> wrote:

From: ㅤ ㅤRockey <skg102 () gmail com>
Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
To:
Cc: full-disclosure () lists grok org uk, security () yahoo com, info () cert-in org in
Date: Tuesday, 15 June, 2010, 5:10 AM


Tried reproducing on yahoo mail
both on the classic and new one . Error message i got in both caseswere
"Sorry, but your folder name has prohibited characters (please useletters, numbers, dashes, and underscores). Please fix it and tryagain."
Cheers,
Rockey

--
It's all about Hacking and Security

http://h4ck3r.in/


-----Inline Attachment Follows-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Yahoomail Dom Based XSS Vulnerability pratul agrawal (Jun 13)
- <Possible follow-ups>
- yahoomail dom based xss vulnerability pratul agrawal (Jun 15)
  - Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 15)
    - Re: yahoomail dom based xss vulnerability pratul agrawal (Jun 15)
    - Re: yahoomail dom based xss vulnerability Benji (Jun 15)
    - Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 15)
    - Re: yahoomail dom based xss vulnerability pratul agrawal (Jun 16)
    - Re: yahoomail dom based xss vulnerability Vipul Agarwal (Jun 16)
    - Re: yahoomail dom based xss vulnerability ㅤ ㅤRockey (Jun 16)
  - Re: yahoomail dom based xss vulnerability Chris Evans (Jun 29)
- Re: Fw: Re: yahoomail dom based xss vulnerability information security (Jun 22)