Hello,

While I was browsing, I stubled upon a Yahoo! authentication script injection vulnerability
By this we can inject our own scripts into just after authentication.
The below link illustrates an example of a script injection where u get the authentication code cookie for the particular user.

I request u to try it out...
U can test it here .

I've a doubt...

What do I do with the code shown up as our authentication code...
What is the use if I get the code ??
With the help of the code persumably, I can log on to yahoo into the particular without my username or password... How do I do it ??... How can it be related with cookie... I'm totally confused
Can anyone give a bit detailed explanation ??

Thank u v'much.