[Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS

Morning Wood se_cur_ity at hotmail.com
Mon Apr 17 20:58:41 BST 2006

Previous message: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
Next message: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> exploit creates a frameset and redirects to
> http://w00tynetwork.com/x/ ,it's interesting that the

redirects to http://211.22.14.50/.yahoomail/x.htm and spoofs a Yahoo login 
page.
upon entering credentals, the site redirects back to http://mail.yahoo.com 
so it simply looks like a bad login.

211.22.14.50 = www.gbigift.com.tw

cheers,
mw

Previous message: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
Next message: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Full-Disclosure is hosted and sponsored by Secunia.