JS embedding @ yahoo.com

From: Alan McCaig (alanmccaig@yahoo.co.uk)
Date: 03/28/02


Date: 28 Mar 2002 11:48:25 -0000
From: Alan McCaig <alanmccaig@yahoo.co.uk>
To: bugtraq@securityfocus.com


Any user can embed JavaScript into their Yahoo
profiles. When the user selects to change his picture
and then selects "point to a photo on the Web", they can
then embed JavaScript on the end of the URL. An
example of this can be viewed here:
http://uk.profiles.yahoo.com/embeddedjs
This has been active for a while now and Yahoo have
still taken no action in fixing it.
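
The following is an added example, not part of the original post and not Yahoo's code: one way a profile service can validate a user-supplied photo URL and escape it before writing it into an `<img>` tag. The post does not say how the script was carried in the URL, so the example assumes the two usual cases (a non-HTTP scheme, and characters that break out of the attribute); the function names and the fallback image path are hypothetical.

```javascript
// Only plain web URLs are acceptable as a remote profile picture.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
// Hypothetical placeholder shown when the supplied URL is rejected.
const FALLBACK_IMG = '<img src="/static/default-avatar.png" alt="profile picture">';

// Encode every character that can terminate or alter an HTML attribute value.
function escapeAttr(value) {
  return value.replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Returns a normalized absolute URL, or null if the input must not be used.
function normalizePhotoUrl(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > 2048) {
    return null;
  }
  // Reject control characters, whitespace, quotes, angle brackets and
  // backslashes outright: none of them belong in a well-formed picture URL.
  if (/[\u0000-\u0020\u007f"'<>`\\]/.test(input)) {
    return null;
  }
  let url;
  try {
    url = new URL(input); // throws on relative or malformed input
  } catch {
    return null;
  }
  // The parser lowercases the scheme, so "JaVaScRiPt:" is caught here too.
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return null;
  }
  // Embedded credentials have no place in an image reference.
  if (url.username || url.password) {
    return null;
  }
  return url.href;
}

// Validation decides whether the URL is used at all; escaping is applied
// regardless, so the markup stays intact even if validation is later relaxed.
function renderProfileImage(input) {
  const href = normalizePhotoUrl(input);
  if (href === null) {
    return FALLBACK_IMG;
  }
  return `<img src="${escapeAttr(href)}" alt="profile picture">`;
}
```
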


