DOMSDAY Analyzing a DOM-Based XSS in Yahoo!


Hello again to all our great readers.

Before going further, I want to talk a bit about Abysssec. For 5 years I worked as CTO at Abysssec, and I had a great time with the team. What I am writing now is actually my last post (as CTO) from the Abysssec team (maybe I will write as a guest in the future). That's it: after ~5 years I finally want to leave home for a new home, with best wishes for Abysssec's new management team. Good or bad, I hope you enjoyed my work as I did at Abysssec. The Abysssec team will work as always, just with a new management team, and will share information just like before.

Finally, you can follow me on Twitter at @ShahinRamezany (the @abysssec Twitter account will be managed by the new management team) for news of my new company and also our long-awaited training classes.

 

Yahoo! vulnerability:

As you may have read in the news, Yahoo! recently fixed a DOM-based cross-site scripting vulnerability in one of its heavily used JS files. As I promised, I want to share a PoC and a step-by-step article about finding and exploiting this vulnerability.

So here is the paper's abstract.

Abstract

As a security researcher, I spend my free time on both application and web application security. During one of my research efforts, while I was focusing on auditing JavaScript code, I spent some time on the Alexa top-ranked sites and their JS libraries to see what I could find in them. So I started working on Apple, Facebook, and Yahoo!, and I was surprised to find a few issues on all of them! In this article I want to explain one of my cool findings on Yahoo! Mail, which can be used to completely compromise an account.

According to Wikipedia[1], Yahoo! Mail had around 310 million users in October 2011, so any serious vulnerability puts millions of users at risk. Finding XSS in Yahoo! is not a new thing and is not that hard. The reason for writing this article is not just to prove that Yahoo! is vulnerable; it is about how easy it is to find and exploit vulnerabilities in well-known websites.

So in this short paper we will review 5 steps.

  • Introduction
  • Step I: Steps to finding the vulnerability
  • Step II: Triggering and analyzing the vulnerability
  • Step III: Exploiting the vulnerability
  • Step IV: Hijacking user accounts
  • Step V: Patching the vulnerability
  • Yahoo incomplete patch
  • Appendix: Demo
  • Appendix II: Dominator to the rescue
  • Credits / References

Paper Download link

http://abysssec.com/files/Yahoo!_DOMSDAY.pdf

http://www.exploit-db.com/wp-content/themes/exploit/docs/24109.pdf

 

PoC Demo

You can watch the demo here:

You can also download it from here.

Update: YouTube removed the video after ~30K viewers, and I don't know why …

Press links:

http://thenextweb.com

http://threatpost.com/

http://news.softpedia.com/

http://www.computerworld.com/

http://news.hitb.org/

http://thenextweb.com/

http://www.offensive-security.com/

http://www.scmagazine.com/

http://www.ehackingnews.com/

http://allthingsd.com/

http://www.securityweek.com/

http://www.isssource.com/

 

I know it's too late, but happy new year!

Be safe
Shahin Ramezany

[1]  http://en.wikipedia.org/wiki/Yahoo!_Mail

 
