Build Theme!

What the Tech

Unreplied Topics

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Yahoo/hotmail Web Based Mail Exploit

Started by Galadriel , Mar 23 2004 12:03 PM

Please log in to reply

No replies to this topic

#1 Galadriel

CEO - Chief Elvish Officer

Visiting Fellow
528 posts

Posted 23 March 2004 - 12:03 PM

Affected applications:

Hotmail web-based email service (when used with IE).
Yahoo web-based email service (when used with IE).

Note that many other web-based services may be vulnerable to this method of exploitation, as it is a completely new way to embed script.
Introduction:

Both Hotmail and Yahoo make tremendous efforts to sanitize incoming emails from potentially unsafe HTML content. Flawed filtering of such unsafe content may result in severe consequences that would occur as soon as a user opens an email for reading, including:

* Theft of login and password.
* Content disclosure of any email in the mailbox.
* Automatically send emails from the mailbox.
* Exploitation of known vulnerabilities in the browser to access the user's file system and eventually take over the machine.
* Distribution of a web-based email worm.
* Disclosure of all contacts within the address book.

Rest of this....
http://www.greymagic...ories/gm005-mc/

I amar prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel

'The world is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Advertisements

Register to Remove

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

About What the Tech

Tom (Coyote) Wilson started this site as TomCoyote.org in 2002. Along with SpywareInfo, it was one of the first places to offer online malware removal training in its Classroom. Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech". Free malware removal help and training has remained a constant.

Facebook Twitter

Help

Community Forum Software by IP.Board
Licensed to: What the Tech

Body Background

skin color theme