Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Mes

from [3B.Security Researcher] Network Security [Permanent Link]
Subject: Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger
Date: Sun, 28 Jan 2007 01:13:40 +0530 
Hi friends,

Bingo! It works on the Y!messenger version 8.1.0.209 and have verified
it on my setup.
Quite strange indeed! Good finding ;) Let us see if it can be "really"
exploited.

Cheers!

On 1/28/07, Ahmed Sheipani <sheipani@gmail.com> wrote: 
Hello
I have just tested this with Yahoo! Messenger 8.1.0.209 , and it does not
seem to work..

However, I noticed that after setting the FirstName parameter to a very long
one, the automatic notification message does not appear anymore.

-----Original Message-----
From: hainamluke@yahoo.com [mailto:hainamluke@yahoo.com]
Sent: Friday, January 26, 2007 7:27 AM
To: bugtraq@securityfocus.com
Subject: Cross-site Scripting with Local Privilege Vulnerability in Yahoo
Messenger
Importance: High

DESCRIPTION:
I've found a cross-site scripting vulnerability in Yahoo! Messenger, a
popular advertisement-supported instant messaging client and protocol
provided by Yahoo! Attacker can inject a malicious script with local
privilege to Y!M notification message.

The vulnerability is discovered in the chat dialog. The automatic
notification message of Yahoo! Messenger, for instance "Hai Nam  Luke has
signed out. (1/26/2007 10:03 PM)" or "Hai Nam Luke has signed back in.
(1/26/2007 10:04 PM)" can be easily exploited with injecting a malicious
script to. Script is disabled in chat messages but system notification
messasage. That Yahoo Messenger uses Internet Explorer to display messages,
the malicious script will be run with local privilege in the Internet
Explorer Temporary Folder. This serious vulnerability could allow attacker
gain the victim's system access.

Inject unexpected script also causes other Yahoo! Messenger's errors.

AFFECTED VERSION:
       Yahoo! Messenger 8.1.0.29 and previous versions

PROOF OF CONCEPT:
+ Firstname: Hai Nam Luke Hai Nam Luke Hai Nam Luke Hai Nam Luke . ( as long
as victim cant see the lastname)
       + Lastname:  <img src="javascript:alert('Executed from ' +
top.location)" >
       + Request to add victim ID to your contact list.
+ Once victim accepts your request, send him a message and change your
online status (Available -> Invisible)

This vulnerability was reported to Yahoo!

Hai Nam Luke <hainamluke@yahoo.com>
K46A - NEU



[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include, Simple Nomad
Next by Date:  Re: Open Conference Systems = 2.8.2 Remote File Inclusion, Stefano Zanero
Previous by Thread:  RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Ahmed Sheipani
Next by Thread:  Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Outlaw
Indexes:  [Date] [Thread] [Top] [All Lists]