Doing mouse over shows the truth. On Wed, 2005-11-23 at 12:44, Richard Fuchshuber wrote: > Hi, > > I've noticed a strange behavior in "Yahoo! Mail" when dealing with html > attachments. It's possible to insert data into the "Yahoo! Mail" html > interface. > > For example, with the following code in an html attachment it's possible > to insert "Your profile is out of date, please update clicking here" above > the button "Check Mail". > > <? > <TABLE border="1" cellspacing="1" cellpadding="0"> > <TR>Your profile is out of date, please update <a > href="www.blabla.com">clicking here.</a></TR> > </TABLE> > > I think this could be used in phishing scam. > > For a screenshot, see [1]. The circulated text was inserted into interface > of the "Yahoo! Mail" through an email with the above code as an html > attachment. > > I tried to contact "Yahoo!" several times, without success. > > > [1] - http://richard.computeiro.com/yahoo_bug.jpg > > > > > > > > > > > > _______________________________________________________ > Yahoo! Acesso Grátis: Internet rápida e grátis. > Instale o discador agora! > http://br.acesso.yahoo.com/ >
