Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messeng

from [hainamluke] Network Security [Permanent Link]
Subject: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger
Date: 26 Jan 2007 15:26:34 -0000 
DESCRIPTION:
I?ve found a cross-site scripting vulnerability in Yahoo! Messenger, a popular 
advertisement-supported instant messaging client and protocol provided by 
Yahoo! Attacker can inject a malicious script with local privilege to Y!M 
notification message. 

The vulnerability is discovered in the chat dialog. The automatic notification 
message of Yahoo! Messenger, for instance ?Hai Nam  Luke has signed out. 
(1/26/2007 10:03 PM)? or ?Hai Nam Luke has signed back in. (1/26/2007 10:04 
PM)? can be easily exploited with injecting a malicious script to. Script is 
disabled in chat messages but system notification messasage. That Yahoo 
Messenger uses Internet Explorer to display messages, the malicious script will 
be run with local privilege in the Internet Explorer Temporary Folder. This 
serious vulnerability could allow attacker gain the victim?s system access.

Inject unexpected script also causes other Yahoo! Messenger?s errors.

AFFECTED VERSION:
        Yahoo! Messenger 8.1.0.29 and previous versions

PROOF OF CONCEPT:
+ Firstname: Hai Nam Luke Hai Nam Luke Hai Nam Luke Hai Nam Luke ? ( as long as 
victim cant see the lastname)
        + Lastname:  <img src="javascript:alert('Executed from ' + 
top.location)" >
        + Request to add victim ID to your contact list.
+ Once victim accepts your request, send him a message and change your online 
status (Available -> Invisible)

This vulnerability was reported to Yahoo!

Hai Nam Luke <hainamluke@yahoo.com>
K46A - NEU
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability, S21sec Labs
Next by Date:  [Full-disclosure] iDefense Security Advisory 01.26.07: Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability, iDefense Labs
Previous by Thread:  [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability, S21sec Labs
Next by Thread:  RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Ahmed Sheipani
Indexes:  [Date] [Thread] [Top] [All Lists]