Click based XSS vulnerability in Yahoo



Today, information security researcher QuisterTow came up with an interesting vulnerability finding in one of the top search engine websites, Yahoo.

A cross-site scripting vulnerability resides in the hk.promotions.yahoo.com domain. The vulnerability is a click-based XSS. When I click the Flash content, it displays the XSS code.

PoC code:
http://hk.promotions.yahoo.com/wedding2010/home_banner.swf?clickTAG=javascript:alert(/ E Hacking News /);

The above finding is a really interesting one. Just load the URL and click on the Flash content, and the code is executed.

At the time of writing, the vulnerability is still there.
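
For anyone hosting Flash banners, the following is an added example (not from the original post or from Yahoo) that audits request URLs for clickTAG values whose scheme is not http or https. It assumes the banner hands the clickTAG parameter to the browser as a link on click, which the post does not show; the function names and the ads.example URLs are constructed for illustration.

```javascript
// Added example: audit request URLs for Flash banner clickTAG values that are
// not plain http(s) links. Names below are illustrative, not from the post.
const SAFE_SCHEMES = new Set(["http:", "https:"]);
const CLICKTAG_PARAM = /^clicktag\d*$/i; // clickTAG, clickTag, clickTAG1, ...

// Return the lowercased scheme of a click-through value, or null if it has none.
// Tabs/newlines and leading control characters are dropped first because
// browsers ignore them when resolving a URL.
function schemeOf(value) {
  const cleaned = value.replace(/[\t\r\n]/g, "").replace(/^[\u0000-\u0020]+/, "");
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return match ? match[1].toLowerCase() + ":" : null;
}

// Inspect one request URL; report every clickTAG-style parameter on a .swf
// whose scheme is outside the allowlist.
function auditSwfRequest(requestUrl) {
  let url;
  try {
    url = new URL(requestUrl);
  } catch (err) {
    return []; // not an absolute URL; nothing to audit
  }
  if (!/\.swf$/i.test(url.pathname)) return [];
  const findings = [];
  for (const [name, value] of url.searchParams) {
    if (!CLICKTAG_PARAM.test(name)) continue;
    const scheme = schemeOf(value);
    if (scheme !== null && !SAFE_SCHEMES.has(scheme)) {
      findings.push({ param: name, scheme, value });
    }
  }
  return findings;
}

// Constructed sample input, except the first entry, which is the PoC from the post.
const SAMPLE_REQUESTS = [
  "http://hk.promotions.yahoo.com/wedding2010/home_banner.swf?clickTAG=javascript:alert(/ E Hacking News /);",
  "http://ads.example/banner.swf?clickTAG=https%3A%2F%2Fshop.example%2Fsale",
  "http://ads.example/banner.swf?clickTag1=JavaScript:void(0)",
  "http://ads.example/landing.html?clickTAG=javascript:void(0)",
];

// Keep only the requests that produced at least one finding.
function auditAll(requests) {
  return requests.map((r) => ({ request: r, findings: auditSwfRequest(r) }))
                 .filter((r) => r.findings.length > 0);
}

console.log(JSON.stringify(auditAll(SAMPLE_REQUESTS), null, 2));
```

The same allowlist check belongs inside the banner itself or in the ad-serving layer, so that a click-through value with any other scheme is never passed to the browser.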