Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS

To: "Cesar" <cesarc56@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
Date: Mon, 17 Apr 2006 12:58:41 -0700
Cc: <bugtraq@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20060417190234.20495.qmail@xxxxxxxxxxxxxxxxxxxxxxx>

exploit creates a frameset and redirects to
http://w00tynetwork.com/x/ ,it's interesting that the

redirects to http://211.22.14.50/.yahoomail/x.htm and spoofs a Yahoo loginpage.upon entering credentals, the site redirects back to http://mail.yahoo.comso it simply looks like a bad login.


211.22.14.50 = www.gbigift.com.tw

cheers,

mw

References:
- [Argeniss] Alert - Yahoo! Webmail XSS
  - From: Cesar

Prev by Date: blur6ex Local File Inclusion and SQL injection .
Next by Date: Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
Previous by thread: Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
Next by thread: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
Index(es):
- Date
- Thread