| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger |
| From: | Outlaw@aria-security.net |
| Date: | 27 Jan 2007 02:51:58 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
This Vulnerability works even when you put your script (<img
src="javascript:alert('Executed from ' + top.location)" >) in nickname and you
can insert HTML codes in Nickname and Lastname.
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [USN-398-4] Firefox regression, Kees Cook |
|---|---|
| Next by Date: | Open Conference Systems = 2.8.2 Remote File Inclusion, trzindan |
| Previous by Thread: | Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, 3B.Security Researcher |
| Next by Thread: | PHP Membership Manager Cross-Site Scripting Vulnerability, DoZ |
| Indexes: | [Date] [Thread] [Top] [All Lists] |