-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jann, you're right...bad description here (too much copy & paste) :) The XSS is cookie-based, so you can find it in the cookie with the payload. Please see "&intl=dec52a6"-alert(document.domain)-"c8d9133635e;" Kind regards, Stefan Am 08.03.2014 11:40, schrieb Jann Horn: > On Sat, Mar 08, 2014 at 11:24:03AM +0100, Stefan Schurtz wrote: >> The 'intl'-Paramter on "https://de-mg42.mail.yahoo.com/"; is >> prone to a Cross-site Scripting vulnerability [...] GET >> https://de-mg42.mail.yahoo.com/neo/launch?.rand=02j5el0e9m3mr >> >> Host: de-mg42.mail.yahoo.com [...] > > Uh, where is that intl parameter you speak of? the only parameter > I see here is .rand, which, as far as I know, just serves to > circumvent caching. And where is the XSS payload? > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlMa+J0ACgkQg3svV2LcbMCRLwCfR1L1XiqxEjnT4F8Z/MYJFbLS KSoAnRQAMaK6woO866COwlK1kPsYaueu =wg9L -----END PGP SIGNATURE-----
Attachment:
0x62DC6CC0.asc
Description: application/pgp-keys
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/