[NEWS] Cross Site Scripting Vulnerability Found in Yahoo WebSite
From: SecuriTeam (support_at_securiteam.com)
Date: 08/24/03
- Previous message: SecuriTeam: "[NT] Remote DoS in Blubster"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 24 Aug 2003 16:41:09 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Cross Site Scripting Vulnerability Found in Yahoo WebSite
------------------------------------------------------------------------
SUMMARY
A vulnerability in Yahoo web site allows remote attackers to cause it to
insert malicious HTML or JavaScript into existing web pages of Yahoo
Website.
DETAILS
Every time you use Yahoo messenger to send file to other Yahoo messenger
users, Yahoo messenger will ask you whether you want to upload the file to
Yahoo servers. If you chose yes then Yahoo messenger will upload the file
to Yahoo server and provide you with a link for the downloading process.
This link can then be sent to a friend for downloading.
Links typically look like:
http://us.f1.yahoofs.com/msgr/YahooID/.tmp/Filename.html?Random_Code
Where:
YahooID: Your Yahoo messenger ID
FileName: Your filename
Random_Code: is a set of random characters (Alphanumeric) which only the
person who know this random code is allowed to access to this file.
Now all you need in order to add a malicious HTML or JavaScript is place
it after the last "/". The HTML or JavaScript will be parsed into the
response received from the server.
Example:
http://us.f1.yahoofs.com/msgr/YahooID/.tmp/<
script>alert('Hat-Squad.com');</script>
http://us.f2.yahoofs.com/< script>alert('Hat-Squad.com');</script>
http://us.f2.yahoofs.com/<
script>window.open("http://www.hat-squad.com")</script>
Vendor response:
The vendor has been contacted, no response has been received, it appears
though that he has fixed the issue.
ADDITIONAL INFORMATION
The information has been provided by <mailto:nima_majidi@hat-squad.com>
nima_majidi.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] Remote DoS in Blubster"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
