Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
Date: Mon, 17 Apr 2006 12:58:41 -0700
Cc: <bugtraq@xxxxxxxxxxxxxxxxx>
References: <20060417190234.20495.qmail@xxxxxxxxxxxxxxxxxxxxxxx>

exploit creates a frameset and redirects to
http://w00tynetwork.com/x/ ,it's interesting that the

redirects to http://211.22.14.50/.yahoomail/x.htm and spoofs a Yahoo loginpage.upon entering credentals, the site redirects back to http://mail.yahoo.comso it simply looks like a bad login.


211.22.14.50 = www.gbigift.com.tw

cheers,

mw

References:
- [Argeniss] Alert - Yahoo! Webmail XSS
  - From: Cesar

Prev by Date: blur6ex Local File Inclusion and SQL injection .
Next by Date: Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
Previous by thread: Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
Next by thread: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux