Saturday, December 1, 2012

Yahoo Mail Exploit goes on sale for $700

Yahoo! Mail is susceptible to an XSS flaw, and an exploit for it is available on the market with a price tag of $700. According to security blogger Brian Krebs, the exploit, which is being sold by an Egyptian hacker, targets an XSS vulnerability in a Yahoo service. The hacker is able to sell the exploit several times but says that he expects the hole it targets to be closed soon. The vulnerability in question has been exploited to allow attackers to steal cookies from Yahoo webmail users. The cookies can then be used to help attackers see the emails of victims or send emails from the hijacked account. The hacker points out that this is a "stored XSS" which "works with all browsers". Stored XSS means that the injected code is permanently stored on the targeted server. Yahoo said it quickly repaired the vulnerability after learning about the video.
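The two defences that matter for a stored XSS that steals webmail cookies, as an added example (not code from the original post or from Yahoo): encode stored message fields when they are rendered, and issue the session cookie so that page script cannot read it. The function names, the sample message and the cookie name are hypothetical and constructed for illustration.

```javascript
// Added example: handling a stored message in a webmail-style app.
// All names (escapeHtml, renderMessageSafe, sessionCookie, ...) are hypothetical.

// Constructed sample: a stored message whose fields carry markup, not plain text.
const storedMessage = {
  from: 'sender@example.test',
  subject: 'Hello <b>there</b>',
  body: '<script>/* constructed marker */</script>Hi!',
};

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: stored text is concatenated into the page as markup, so whatever
// was saved on the server is interpreted by every reader's browser.
function renderMessageUnsafe(msg) {
  return `<h2>${msg.subject}</h2><div class="body">${msg.body}</div>`;
}

// Hardened form: every stored field is encoded at output time.
function renderMessageSafe(msg) {
  return `<h2>${escapeHtml(msg.subject)}</h2><div class="body">${escapeHtml(msg.body)}</div>`;
}

// Session cookie that script cannot read through document.cookie (HttpOnly),
// that is only sent over TLS (Secure), and that is restricted on cross-site
// requests (SameSite).
function sessionCookie(name, token) {
  return `${name}=${encodeURIComponent(token)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Headers sent with the rendered page. A script-src policy without
// 'unsafe-inline' makes the browser refuse inline script as a second layer.
function responseHeaders(token) {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "script-src 'self'",
    'Set-Cookie': sessionCookie('sid', token),
  };
}

console.log(renderMessageSafe(storedMessage));
console.log(responseHeaders('constructed-token'));
```

Output encoding closes the injection point; the HttpOnly flag and the policy header only limit what a missed injection can do.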

