Network Security: Detailed info on Re: XSS on Yahoo Mail

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: XSS on Yahoo Mail

from [Lance James] Network Security

[Permanent Link]

Subject:	Re: XSS on Yahoo Mail
Date:	Sun, 27 Nov 2005 15:50:15 -0800

alireza hassani wrote:

--- Will Wesley <willwesleyccna@yahoo.de> wrote:

Anyway, a solution is really quite simple.
Allow users to disable HTML in their email, or why

not by >default? 

Don't you think this is not a real solution?
User must be safe to use any option and also full
performances.


This HTML stuff should be allowed, but controlled - similar to on blogs.
Unfortunately I have found very bad hole in the compose mail section of
yahoo when HTML is on, but that just means that they should filter
better for HTML features.

Alireza Hassani (http://www.kapda.ir)



              
__________________________________ 
Yahoo! Music Unlimited 
Access over 1 million songs. Try it free. 
http://music.yahoo.com/unlimited/



-- 
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
XSS on Yahoo Mail, Richard Fuchshuber RE: XSS on Yahoo Mail, Will Wesley Re: XSS on Yahoo Mail, Steven Champeon Re: XSS on Yahoo Mail, Will Wesley Re: XSS on Yahoo Mail, Jim Ley RE: XSS on Yahoo Mail, Richard Fuchshuber Re: XSS on Yahoo Mail, Personal Account Re: XSS on Yahoo Mail, little . hacker Re: XSS on Yahoo Mail, Matan Peled Re: XSS on Yahoo Mail, alireza hassani Re: XSS on Yahoo Mail, Lance James <=

Previous by Date:	APC Security Advisory - PowerChute Network Shutdown's Web Interface Only Supports HTTP, Security . advisory
Next by Date:	ZRCSA-200503 - ktools Buffer Overflow Vulnerability, siegfried
Previous by Thread:	Re: XSS on Yahoo Mail, alireza hassani
Next by Thread:	MDKSA-2005:215 - Updated binutils packages fix vulnerabilities, Mandriva Security Team
Indexes:	[Date] [Thread] [Top] [All Lists]