Yahoo Vulnerable to HTML Attachments
Results 1 to 3 of 3

Thread: Yahoo Vulnerable to HTML Attachments

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914

    Yahoo Vulnerable to HTML Attachments

    Hey Hey,

    This just came across bugtraq... It's a little frightening.



    <?
    <TABLE border="1" cellspacing="1" cellpadding="0"> <TR>Your profile is out of date, please update <a href="http://www.antionline.com">clicking here.</a></TR> </TABLE>
    That code when placed as an HTML attachment to a yahoo user (Also affects anyone using YAHOO Mail... Rogers.com, Shaw.ca, Verizon with Yahoo Portal)

    The text your profile is out of date, please update will appear on the screen with that link saying click here... I've modified it to take the user to antionline (for testing)... However it does work... I've tested it and the text was there..

    Here's the original bugtraq email, along with the screenshot that was included:


    Hi,

    I've noticed a strange behavior in "Yahoo! Mail" when dealing with html attachments. It's possible to insert data into the "Yahoo! Mail" html interface.

    For example, with the following code in an html attachment it's possible to insert "Your profile is out of date, please update clicking here" above the button "Check Mail".

    <?
    <TABLE border="1" cellspacing="1" cellpadding="0"> <TR>Your profile is out of date, please update <a href="www.blabla.com">clicking here.</a></TR> </TABLE>

    I think this could be used in phishing scam.

    For a screenshot, see [1]. The circulated text was inserted into interface of the "Yahoo! Mail" through an email with the above code as an html attachment.

    I tried to contact "Yahoo!" several times, without success.


    [1] - http://richard.computeiro.com/yahoo_bug.jpg
    If Yahoo doesn't respond and fix this... this could present a whole new brand of problems...

    [Edit]
    As an after thought I wonder if this could be tied in with the IE window() problem to basically nail any yahoo user...
    [/Edit]

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    This is just even more reason not to use messenger..

    Ages ago i disabled all my box's from being able to accept URL links via both Yahoo and MSN messenger. Got sick of all the promise's for free pr0n.
    instead they were just installing tracking cookie's and other Spyware..

    cheers
    front2back

  3. #3
    Junior Member
    Join Date
    Sep 2005
    Posts
    16
    I just tested this on Yahoo web mail and it does work. Then I took it a step further and tried to use a button. I attached a screen shot with the button. I don't have time to mess with the scripting to see if you could get the button to work, I might try later, but the possibility is there.



    If yahoo does not fix this it could lead to some strange things.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •