TulipTools Internet Business Owners and Online Sellers Community

Full Version: Major Yahoo Cross Site Scripting Vulnerability Endangers User Accounts, Email
Quote: Summary:

    * Critical cross-site scripting (XSS) defect in Yahoo services is discovered
    * Proof of concept of exploit is included
    * XSS bugs are on the rise because of web 2.0+
    * The web industry is mostly negligent about dealing with XSS...

The simple code to take over anyone's Yahoo account is included at the bottom of this article. If you were to visit this naughty link, your web browser would show the last email in your inbox displayed on a web site that is not part of Yahoo. What the simple link does is allow a program to navigate through your email account pretending to be you and download emails onto the attacker’s web site, allowing them to read all your conversations with iheartsanjaya3 you met on myspace...

full article: http://netcooties.blogspot.com/2007/06/y...-care.html