Click based XSS vulnerability in Yahoo

Today, information security researcher QuisterTow came forward with an interesting click-based XSS vulnerability in one of the top search engine websites, Yahoo.

A cross-site scripting vulnerability resides in the hk.promotions.yahoo.com domain. The vulnerability is click-based XSS: when I click the Flash content, it displays the XSS code.

PoC code:
http://hk.promotions.yahoo.com/wedding2010/home_banner.swf?clickTAG=javascript:alert(/ E Hacking News /);

The above finding is a really interesting one. Just load the URL and click in the Flash content, and the code is executed.

At the time of writing, the vulnerability is still there.
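
A defensive check for the pattern described above, as an added example that is not from the original post or from Yahoo: it flags requests to .swf files whose clickTAG-style parameter is anything other than an absolute http(s) URL. The parameter-name pattern, the function names and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example (not from the original post): flag SWF requests whose
// clickTAG-style parameter would navigate to a non-http(s) URL.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
// Assumption: the banner reads "clickTAG" or a case/number variant of it.
const CLICK_PARAM = /^clicktag\d*$/i;

// True only for absolute http(s) URLs. Anything else fails closed.
function isSafeClickTarget(value) {
  let parsed;
  try {
    // The WHATWG parser lowercases the scheme and strips tabs, newlines
    // and leading control characters, so "Java\tScript:" is still caught.
    parsed = new URL(String(value));
  } catch {
    return false; // relative, empty or unparseable values are rejected
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Returns the offending {name, value} pairs for one request URL.
function unsafeClickParams(requestUrl) {
  const url = new URL(requestUrl);
  if (!url.pathname.toLowerCase().endsWith(".swf")) return [];
  const hits = [];
  for (const [name, value] of url.searchParams) {
    if (CLICK_PARAM.test(name) && !isSafeClickTarget(value)) {
      hits.push({ name, value });
    }
  }
  return hits;
}

// Constructed sample requests (example.com hosts, not real traffic).
const SAMPLE_REQUESTS = [
  "http://ads.example.com/banner.swf?clickTAG=http://shop.example.com/landing",
  "http://ads.example.com/banner.swf?clickTAG=javascript:alert(1)",
  "http://ads.example.com/banner.swf?clickTag=JaVaScRiPt%3Aalert(1)",
  "http://ads.example.com/banner.swf?clickTAG=data:text/html,x",
  "http://ads.example.com/page.html?clickTAG=javascript:alert(1)",
];

// Keeps only the request URLs that carry an unsafe click target.
function scanRequests(urls) {
  return urls.filter((u) => unsafeClickParams(u).length > 0);
}

console.log(scanRequests(SAMPLE_REQUESTS));
```

The same allow-list belongs inside the banner's click handler, so the SWF refuses to navigate to any clickTAG value that is not http(s).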




