XSS on Yahoo Mail
From: Richard Fuchshuber (richardfuch_at_yahoo.com.br)
Date: Wed, 23 Nov 2005 14:44:34 -0300 (ART) To: firstname.lastname@example.org
I've noticed a strange behavior in "Yahoo! Mail" when dealing with html
attachments. It's possible to insert data into the "Yahoo! Mail" html
For example, with the following code in an html attachment it's possible
to insert "Your profile is out of date, please update clicking here" above
the button "Check Mail".
<TABLE border="1" cellspacing="1" cellpadding="0">
<TR>Your profile is out of date, please update <a
I think this could be used in phishing scam.
For a screenshot, see . The circulated text was inserted into interface
of the "Yahoo! Mail" through an email with the above code as an html
I tried to contact "Yahoo!" several times, without success.
Yahoo! Acesso Grátis: Internet rápida e grátis.
Instale o discador agora!