Re: [Full-disclosure] Fw: Re: yahoomail dom based xss vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Fw: Re: yahoomail dom based xss vulnerability
- From: information security <informationhacker08@xxxxxxxxx>
- Date: Tue, 22 Jun 2010 22:23:08 +0530
Yes Pratul, it was working on 13th June :)
>
>
> --- On *Wed, 16/6/10, Vipul Agarwal <vipul@xxxxxxxxxxxxxx>* wrote:
>
>
> From: Vipul Agarwal <vipul@xxxxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
> To: "pratul agrawal" <pratulag@xxxxxxxxx>
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Date: Wednesday, 16 June, 2010, 5:29 AM
>
> Hello Pratul!
>
> I'm sure that the flaw was working on 13th June when you disclosed it on
> the list.
> But it's not working today and input is being filtered. Please check it out.
>
>
> On Wed, Jun 16, 2010 at 9:49 AM, pratul agrawal <pratulag@xxxxxxxxx> wrote:
>
>> Thanks Brother,
>>
>> See how this occurred. Basically, in most cases developers simply design
>> APIs, and when the client requests any page these APIs get stored on the
>> client side. Their main task is to take the user input and show the result
>> immediately to the client without sending a request to the server. So when
>> this type of API is vulnerable to XSS, this is called DOM-based XSS.
>>
>> Now in this case, when we click on [New Folder] to create a new folder and
>> provide any JavaScript, it is taken directly by the API stored on the
>> client side when the inbox page is loaded on the client side in Yahoo Mail,
>> and gets reflected.
>>
>> That's the whole story, bro. Hope you understand what I really want to say.
>>
>> Thanks,
>> Pratul Agrawal
>>
>> --- On *Tue, 15/6/10, Benji <me@xxxxxxxxx>* wrote:
>>
>>
>> From: Benji <me@xxxxxxxxx>
>> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
>> To: "pratul agrawal" <pratulag@xxxxxxxxx>
>> Cc: "skg102@xxxxxxxxx" <skg102@xxxxxxxxx>,
>> "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>,
>> "security@xxxxxxxxx" <security@xxxxxxxxx>,
>> "info@xxxxxxxxxxxxxx" <info@xxxxxxxxxxxxxx>
>> Date: Tuesday, 15 June, 2010, 9:57 AM
>>
>>
>> Sup bro
>>
>> I waz checkin owt ur javascriptz skriptz and waz wonderin if u cud explain
>> how diz shiz werks.
>>
>> Peaze.
>>
>> Sent from my iPhone
>>
>> On 15 Jun 2010, at 09:18, pratul agrawal <pratulag@xxxxxxxxx> wrote:
>>
>> It's working, bro. I think you made some mistakes, so try it again and
>> check that the JavaScript execution feature is enabled in your browser. And
>> bro, for execution of the script you must use proper syntax that contains
>> special characters. Just put "><script>alert(123)<script> in the New Folder
>> field that comes in the Move button and you will see a pop-up message with
>> 123 reflected.
>>
>> Have a nice time bro,
>> Pratul Agrawal
>>
>> --- On *Tue, 15/6/10, ㅤ ㅤRockey <skg102@xxxxxxxxx>* wrote:
>>
>>
>> From: ㅤ ㅤRockey <skg102@xxxxxxxxx>
>> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
>> To:
>> Cc: full-disclosure@xxxxxxxxxxxxxxxxx, security@xxxxxxxxx,
>> info@xxxxxxxxxxxxxx
>> Date: Tuesday, 15 June, 2010, 5:10 AM
>>
>>
>> Tried reproducing on Yahoo Mail, both on the classic and the new one. The
>> error message I got in both cases was:
>>
>> "Sorry, but your folder name has prohibited characters (please use
>> letters, numbers, dashes, and underscores). Please fix it and try again."
>>
>> Cheers,
>> Rockey
>>
>> --
>> It's all about Hacking and Security
>>
>> http://h4ck3r.in/
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
> --
> Thanks and Regards,
> Vipul Agarwal
>
>
>
>
>
> --
> Asheesh (Anaconda)
> ------------------------------------------------------
> [Web] http://www.asheesh2000.co.nr
> [Blog] http://asheesh2000.blogspot.com/
> [twitter]http://twitter.com/akmanit2000
> "attaining one hundred victories in one hundred battles is not the pinnacle
> of excellence. Subjugating the enemy's army without fighting is the true
> pinnacle of excellence."
>
>
>
> "The future is not some place we are going to, but one we are creating. The
> paths are not to be found, but made, and the activity of making them,
> changes both the maker and the destination."
> ------------------------------------------------------
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
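
The thread describes a folder name that client-side script wrote into the page, and a later fix that filters the input. As an added example (not part of the thread and not Yahoo's code), the sketch below puts a concatenating renderer next to a hardened one; the `<option>` markup, the function names and the 64-character cap are assumptions, while the allowlist follows the error message Rockey quotes.

```javascript
// Added illustration: hypothetical folder-list rendering, not Yahoo's code.

// Allowlist from the error message quoted in the thread: letters, numbers,
// dashes and underscores. The 64-character cap is an assumption.
const FOLDER_NAME_RE = /^[A-Za-z0-9_-]{1,64}$/;

function isValidFolderName(name) {
  return typeof name === 'string' && FOLDER_NAME_RE.test(name);
}

// Output encoding for HTML text and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the name is concatenated into markup, so markup characters in the
// name become part of the page structure (the DOM-based XSS pattern).
function renderFolderUnsafe(name) {
  return '<option value="' + name + '">' + name + '</option>';
}

// After: reject names outside the allowlist, then encode anyway so a later
// loosening of the allowlist cannot reintroduce the flaw.
function renderFolderSafe(name) {
  if (!isValidFolderName(name)) {
    throw new Error('folder name has prohibited characters');
  }
  const encoded = escapeHtml(name);
  return '<option value="' + encoded + '">' + encoded + '</option>';
}

// Counts opening tags in rendered markup; anything above 1 means the name
// escaped the single <option> element the renderer meant to produce.
function countOpeningTags(html) {
  return (html.match(/<[A-Za-z]/g) || []).length;
}

// Test string quoted in the thread, used here as a regression input.
const THREAD_INPUT = '"><script>alert(123)<script>';

console.log('valid name?      ', isValidFolderName(THREAD_INPUT));
console.log('unsafe tag count:', countOpeningTags(renderFolderUnsafe(THREAD_INPUT)));
console.log('encoded form:    ', escapeHtml(THREAD_INPUT));
```

In a browser, creating the element with `document.createElement` and assigning the name through `textContent` gives the same encoding without building markup from strings.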