[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] yahoomail dom based xss vulnerability
- To: Vipul Agarwal <vipul@xxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
- From: ㅤ ㅤRockey <skg102@xxxxxxxxx>
- Date: Wed, 16 Jun 2010 15:42:26 -0700
Thanks for your information pratul
I do know about DOM and XSS, I wasn't able to reproduce this bug on my end
that's why i requested you to post video on that.
I do agree with vipul that this is not working, and I checked this bug twice
already so i am quite sure about it that this flaw isn't working on
yahoomail. If in case this works then please come up with a POC video :)
Looking forward for your response :)
Cheers,
Rockey
On Tue, Jun 15, 2010 at 10:29 PM, Vipul Agarwal <vipul@xxxxxxxxxxxxxx>wrote:
> Hello Pratul!
>
> I'm sure that the flaw was working on 13th June when you disclosed it on
> the list.
> But its not working today and input is being filtered. Please check it out.
>
>
>
> On Wed, Jun 16, 2010 at 9:49 AM, pratul agrawal <pratulag@xxxxxxxxx>wrote:
>
>> Thanks Brother,
>>
>> See, how this occurred, Basically in most of the
>> cases Developers Simply design a APIs and when the client request for any
>> page this APIs gets Stored in the Client side. its main task is to takes the
>> user input and shows the result immediately to the client without sending
>> request to the server. so when this type of APIs is vulnerable to XSS this
>> is called the DOM based XSS.
>>
>> Now in this case, when we click on [New Folder] for creating any new
>> folder and provide any javascript, it directly took by the API stored in the
>> client side when the inbox page is load in the client side in yahoomail, and
>> get reflected.
>>
>> that's all the story Bro, hope you understand what i really want to say.
>>
>> Thanks,
>> Pratul Agrawal
>>
>> --- On *Tue, 15/6/10, Benji <me@xxxxxxxxx>* wrote:
>>
>>
>> From: Benji <me@xxxxxxxxx>
>>
>> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
>> To: "pratul agrawal" <pratulag@xxxxxxxxx>
>> Cc: "skg102@xxxxxxxxx" <skg102@xxxxxxxxx>, "
>> full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>, "
>> security@xxxxxxxxx" <security@xxxxxxxxx>, "info@xxxxxxxxxxxxxx" <
>> info@xxxxxxxxxxxxxx>
>> Date: Tuesday, 15 June, 2010, 9:57 AM
>>
>>
>> Sup bro
>>
>> I waz checkin owt ur javascriptz skriptz and waz wonderin if u cud explain
>> how diz shiz werks.
>>
>> Peaze.
>>
>> Sent from my iPhone
>>
>> On 15 Jun 2010, at 09:18, pratul agrawal
>> <pratulag@xxxxxxxxx<http://mc/compose?to=pratulag@xxxxxxxxx>>
>> wrote:
>>
>> Its working Bro. I think u had done some mistakes so u try it again with
>> check that javascript execution feature is enable in your browser. and bro
>> for execution of script it is must to use proper syntax that contain special
>> characters. just put "><script>alert(123)<script> in the New Folderfield
>> comes in the
>> Move button and you will saw a pop up message with 123 reflected.
>>
>> Have a nice time bro,
>> Pratul Agrawal
>>
>> --- On *Tue, 15/6/10, ㅤ ㅤRockey
>> <skg102@xxxxxxxxx<http://mc/compose?to=skg102@xxxxxxxxx>
>> >* wrote:
>>
>>
>> From: ㅤ ㅤRockey <skg102@xxxxxxxxx <http://mc/compose?to=skg102@xxxxxxxxx>
>> >
>> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
>> To:
>> Cc:
>> full-disclosure@xxxxxxxxxxxxxxxxx<http://mc/compose?to=full-disclosure@xxxxxxxxxxxxxxxxx>,
>> security@xxxxxxxxx <http://mc/compose?to=security@xxxxxxxxx>,
>> <http://mc/compose?to=info@xxxxxxxxxxxxxx>info@xxxxxxxxxxxxxx<http://mc/compose?to=info@xxxxxxxxxxxxxx>
>> Date: Tuesday, 15 June, 2010, 5:10 AM
>>
>>
>> Tried reproducing on yahoo mail
>> both on the classic and new one . Error message i got in both cases were
>>
>> "Sorry, but your folder name has prohibited characters (please use
>> letters, numbers, dashes, and underscores). Please fix it and try again."
>>
>> Cheers,
>> Rockey
>>
>> --
>> It's all about Hacking and Security
>>
>> <http://h4ck3r.in/>http://h4ck3r.in/
>>
>>
>> -----Inline Attachment Follows-----
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: <http://lists.grok.org.uk/full-disclosure-charter.html>
>> http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - <http://secunia.com/>
>> http://secunia.com/
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: <http://lists.grok.org.uk/full-disclosure-charter.html>
>> http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - <http://secunia.com/>
>> http://secunia.com/
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
> --
> Thanks and Regards,
> Vipul Agarwal
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
It's all about Hacking and Security
http://h4ck3r.in/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/