[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS

To: "Cesar" <cesarc56@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
Date: Mon, 17 Apr 2006 20:34:16 -0700

reflecting on this...

the offending url you give is http://w00tynetwork.com/x/
which contains a fake yahoo login ( for webmail )
(( and other exploits embedded within the site ))


you state this is a Yahoo Email vulnerability.

stop me if im wrong...

why would anyone be vulnerable to a Yahoo login redirect phish, if in factthey are already logged in to read the mail in the first place.

i can appriciate the possibility of XSS within the Yahoo webmail interface,just not

with this particular redirect code ( or site url ) you provide.

XSS could be more effectivly used to leverage a browser exploit, rather than( trying to )

steal your credentals ala phishing

2cents,

MW

References:
- [Argeniss] Alert - Yahoo! Webmail XSS
  - From: Cesar

Prev by Date: Remote Xine Format String Vulnerability
Next by Date: Another flaw in Firefox 1.5.0.2: to open files from remote
Previous by thread: [Argeniss] Alert - Yahoo! Webmail XSS
Next by thread: Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
Index(es):
- Date
- Thread