For the record: 30 minutes after I posted this, onLoad got changed to onfiltered - problem fixed by yahoo. :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of php0t
Sent: Tuesday, June 13, 2006 2:28 AM
To: full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Vunerability in yahoo webmail.

> Oh, I've CC'd [EMAIL PROTECTED], but if someone else would give them a proper write-up, and encourage
> them to close the hole, that'd be wonderful.

Since yahoo isn't known for fixing bugs fast unless it's serious (and even then), here's something I wrote up today.

The exploit is turned into a script-kiddish interface. Here's how it works:

1) you enter your email and the target (@yahoo.com) email
2) an email with the exploit is sent to the target
3) when the target opens the mail for reading, cookies get stolen and you get a notification on the address specified
4) further instructions on how to log in are on the site.

Tested on IExplore and Opera, works with both.

(I'm taking it down when yahoo fixes it or people abuse it too much)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/