[41357] in bugtraq
RE: XSS on Yahoo Mail
daemon@ATHENA.MIT.EDU (Richard Fuchshuber)
Sat Nov 26 09:47:55 2005
Message-ID: <20051124224142.85640.qmail@web53014.mail.yahoo.com>
Date: Thu, 24 Nov 2005 22:41:42 +0000 (GMT)
From: Richard Fuchshuber <richardfuch@yahoo.com.br>
To: Will Wesley <willwesleyccna@yahoo.de>, bugtraq@securityfocus.com
In-Reply-To: <20051124025004.32883.qmail@web26902.mail.ukl.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Hi,
--- Will Wesley <willwesleyccna@yahoo.de> escreveu:
> This is not exactly a problem with Yahoo!, but rather
> a problem with the way browsers tend to render HTML
> when forced to deal with broken tags. Your "<?
> <table....> is not needed to accomplish the same
> thing, since a browser will consider everything from <
> to the next > as a tag. Since <? is not recognized the
> whole thing is ignored.
>
> The real problem is that you are injecting a TR
> element into the middle of a TD, then closing the
> table without first closing the TD. Any web developer
> who would do such a thing is a moron, and your browser
> does the best it can to make sense of it. You might
> try asking Yahoo how to turn HTML off, or simply use
> POP with a text only reader to work around this.
It isn't necessary to close the table, you just need the <tr></tr> part (I
had not noticed this before your mail). You can also use other tags to get
different results.
Anyway, I think that to prevent injection of HTML code into Yahoo! Mail
interface something should be done, since it could be used to fool users.
Cheers,
Richard
_______________________________________________________
Yahoo! Acesso Grátis: Internet rápida e grátis.
Instale o discador agora!
http://br.acesso.yahoo.com/
