XSS on Yahoo Mail

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS on Yahoo Mail
From: Richard Fuchshuber <richardfuch@xxxxxxxxxxxx>
Date: Wed, 23 Nov 2005 14:44:34 -0300 (ART)
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.br; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=kOUYXmYbgx6qhXnqQfvR6+w3Vo6buOmwI/hsoEeZv8IDi+2mN0yyiTykH+iwYOgMMu37eVXpwt3R+1sFuV8h2laUcPxisnDnMUh8iV7SVmaWBJkrIkXp3sUwGV6HsPcF64k7RlBfMPqpXzcF7kwLtT9bwLfhNGgYv7/RxBtqFpY= ;
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

  Hi,

I've noticed a strange behavior in "Yahoo! Mail" when dealing with html
attachments. It's possible to insert data into the "Yahoo! Mail" html
interface.

For example, with the following code in an html attachment it's possible
to insert "Your profile is out of date, please update clicking here" above
the button "Check Mail".

<?
<TABLE border="1" cellspacing="1" cellpadding="0">
<TR>Your profile is out of date, please update <a
href="www.blabla.com">clicking here.</a></TR>
</TABLE>

I think this could be used in phishing scam.

For a screenshot, see [1]. The circulated text was inserted into interface
of the "Yahoo!  Mail" through an email  with the above code  as an html
attachment.

I tried to contact "Yahoo!" several times, without success.


[1] - http://richard.computeiro.com/yahoo_bug.jpg





        



        
                
_______________________________________________________ 
Yahoo! Acesso Grátis: Internet rápida e grátis. 
Instale o discador agora!
http://br.acesso.yahoo.com/

Follow-Ups:
- Re: XSS on Yahoo Mail
  - From: Personal Account
- RE: XSS on Yahoo Mail
  - From: Will Wesley

Prev by Date: [ GLSA 200511-18 ] phpSysInfo: Multiple vulnerabilities
Next by Date: MDKSA-2005:215 - Updated binutils packages fix vulnerabilities
Previous by thread: [ GLSA 200511-18 ] phpSysInfo: Multiple vulnerabilities
Next by thread: RE: XSS on Yahoo Mail
Index(es):
- Date
- Thread