06-16-2007, 09:51 AM
Quote:
Summary:
* Critical cross-site scripting (XSS) defect in Yahoo services is discovered
* Proof of concept of exploit is included
* XSS bugs are on the rise because of web 2.0+
* The web industry is mostly negligent about dealing with XSS...
The simple code to take over anyone's Yahoo account is included at the bottom of this article. If you were to visit this naughty link, your web browser would show the last email in your inbox displayed on a web site that is not part of Yahoo. What the simple link does is allow a program to navigate through your email account pretending to be you and download emails onto the attacker's web site, allowing them to read all your conversations with iheartsanjaya3 you met on myspace...
full article: http://netcooties.blogspot.com/2007/06/y...-care.html