Yahoo Mail XSS Vulnerability
Here are some details about an XSS vulnerability in Yahoo Mail, posted on the Net Cookies blog.
The posting has two sets of code, one to be hosted on a web server and the other, a Ruby script, for generating links to the Yahoo vulnerability. The attacker then runs the address of the hosted code through the Ruby script.
This isn't rocket science. It's a textbook XSS exploit: XSS is used to steal a cookie and send it to the hacker's server, where it's used to hijack the victim's session.
The post has a lot of detail not only about the exploit but about the apathy of the developer community toward XSS despite how rampant a problem it is.
It's that easy.