Cross Site Scripting Vulnerability Found in Yahoo
Summary
A vulnerability in the Yahoo web site allows remote attackers to inject malicious HTML or JavaScript into existing pages of the Yahoo web site.
Details
Every time you use Yahoo Messenger to send a file to another Yahoo Messenger user, Yahoo Messenger asks whether you want to upload the file to Yahoo's servers. If you choose yes, Yahoo Messenger uploads the file to a Yahoo server and provides you with a link for downloading it. This link can then be sent to a friend.
Links typically look like: http://us.f1.yahoofs.com/msgr/YahooID/.tmp...tml?Random_Code
Where:
YahooID: Your Yahoo messenger ID
FileName: Your filename
Random_Code: a set of random alphanumeric characters; only a person who knows this code is allowed to access the file.
To add malicious HTML or JavaScript, all that is needed is to place it after the last "/". The HTML or JavaScript is then reflected in the response received from the server.
Example:
http://us.f1.yahoofs.com/msgr/YahooID/.tmp/< script>alert('Hat-Squad.com');</script>
http://us.f2.yahoofs.com/< script>alert('Hat-Squad.com');</script>
http://us.f2.yahoofs.com/< script>window.open("http://www.hat-squad.com")</script>
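The missing output encoding behind the URLs above, next to the corrected form, as an added example that is not code from the advisory or from Yahoo. It assumes the server copies the requested path into an HTML page; the host name, page template and function names are hypothetical.

```python
import html
from urllib.parse import unquote, urlsplit

# Constructed request URL: hypothetical host, payload text as in the page's example.
SAMPLE_URL = "http://files.example/msgr/someid/.tmp/<script>alert('Hat-Squad.com');</script>"

# Hypothetical response template; {path} is where the request path is echoed.
PAGE = "<html><body><h1>File not available</h1><p>Requested: {path}</p></body></html>"

# Response headers that limit the damage if an encoding step is ever missed.
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'none'",
}


def requested_path(url: str) -> str:
    """Percent-decoded path of the request, as the handler would see it."""
    return unquote(urlsplit(url).path)


def render_unsafe(url: str) -> str:
    """Assumed flawed behaviour: the path is copied into the HTML unchanged."""
    return PAGE.format(path=requested_path(url))


def render_safe(url: str):
    """Same page with the path HTML-encoded before it reaches the markup."""
    encoded = html.escape(requested_path(url), quote=True)
    return HARDENED_HEADERS, PAGE.format(path=encoded)


if __name__ == "__main__":
    print("unsafe:", render_unsafe(SAMPLE_URL))
    headers, body = render_safe(SAMPLE_URL)
    print("safe:  ", body)
    for name, value in headers.items():
        print(f"{name}: {value}")
```

Encoding happens after percent-decoding, so a payload sent as `%3Cscript%3E` is neutralised the same way as a literal one.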
Vendor response:
The vendor has been contacted and no response has been received; it appears, though, that the issue has been fixed.
The information has been provided by nima_majidi.
With this link:
http://www.securiteam.com/securitynews/5QP0M15AUI.html




