[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Yahoo webmail 1-day cookie stealing POC

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Yahoo webmail 1-day cookie stealing POC
From: "php0t" <very@xxxxxxxxxxxxx>
Date: Wed, 14 Jun 2006 23:33:24 +0200

  Found a new javascript escape for yahoo webmail, works with explorer,
cookie stealing can begin yet again.
You must give a correct source address to be able to get a cookie. Do
not abuse, thx.

Proof-of-concept (kind-of):

http://zmailhost.ath.cx/

php0t
www.zorro.hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [ MDKSA-2006:102 ] - Updated libtiff packages fixes tiff2pdf vulnerability
Next by Date: [Full-disclosure] [ MDKSA-2006:103 ] - Updated spamassassin packages fix vulnerability
Previous by thread: [Full-disclosure] [ MDKSA-2006:102 ] - Updated libtiff packages fixes tiff2pdf vulnerability
Next by thread: [Full-disclosure] [ MDKSA-2006:103 ] - Updated spamassassin packages fix vulnerability
Index(es):
- Date
- Thread