ddlmail Posted August 11, 2006 Report Share Posted August 11, 2006 Yahoo Multiple VulnerabilitiesVarious Yahoo! services are vulnerable to authentication bypass, sessionbinding, weak cookie encoding, cross-site scripting file inclusion and urlredirection vulnerabilities, which is caused due to improper validation ofuser-supplied inputs.1. Authentication Bypass and Session Binding Vulnerability.A malicious user can log on to the yahoo without submitting the usernameand password by constructing a malicious URL using cookies.2. Cookie Encoding Security Weakness3. Cross-Site Scripting.4. URL redirection.Full Story in http://www.xdisclose.com__________________________________________________________________________ Quote Link to comment Share on other sites More sharing options...
SpLo1T Posted August 11, 2006 Report Share Posted August 11, 2006 Advisory Released : 20th June 06hmmm cred ca e patched Quote Link to comment Share on other sites More sharing options...
Guest Nemessis Posted August 11, 2006 Report Share Posted August 11, 2006 Nu e patched dar nici nu arata mare lucru. E interesant pentru Yahoo Beta ce scrie pe acolo. Quote Link to comment Share on other sites More sharing options...