DOMSDAY Analyzing a DOM-Based XSS in Yahoo!


Analyzing a DOM-Based XSS in Yahoo!



hello again to all great readers

before going future i want talk a bit about abysssec.  i want to talk about abysssec, in 5 years I worked as a CTO In abysssec and I had a very great the time in team. What I want to write now is actually my last post (as CTO) from abysssec team (maybe i write as guest in future). that’s it after ~5 year I finally want to leave home to new home with best wishes for abysssec new management team. so good or bad i hope you enjoyed my works i as did in abysssec. abysssec team will work as always and like before just with new management team as will share information just like before.

So finally you can follow me on twitter with @ShahinRamezany  (@abysssec account twitter will be managed by new management team) for my new company news and also our long waited training classes.


Yahoo! vulnerability :

as you may read in news Yahoo! recently fixed a DOM-based cross site scripting in one of  strongly used JS files. and as i promised i want share PoC and step by step article about finding and exploiting this vulnerability.

so here is paper abstract.


As a security researcher in my free time I spend my time on both application and web application security. During one of my researches while I was focusing on auditing JavaScript codes I spent some time on Alexa top ranks and their JS libraries to see what I can find in theme. So I started working on apple, FaceBook, Yahoo! I just surprised I found few issues on all of them! And in this article I want to explain one of my cool findings on Yahoo! Mail which can be used to completely compromise an account.

According to Wikipedia[1], Yahoo mail has around 310 million users in October 2011 so any serious vulnerabilities puts millions of users in risk. Finding XSS in Yahoo! is not a new thing and is not that so hard. Reason of creating this article is not just proofing Yahoo! is vulnerable and it’s about how easy is to find and exploit vulnerabilities in well-known websites.

So in this short paper we will review on 5 steps.

  • Introduction
  • Step I   : Steps to finding vulnerability
  • Step II  : Triggering and analyzing the vulnerability
  • Step III : Exploiting the vulnerability
  • Step IV : Hijacking user accounts
  • Step V  :  Patching the vulnerability
  • Yahoo incomplete patch
  • Appendix : Demo
  • Appendix II  : Dominator to rescue
  • Credits / References

Paper Download link!_DOMSDAY.pdf


PoC Demo


you can watch demo here :

also you can download it from here

update : youtube removed video after ~30K  viewers and i don’t know why …

press links :


i know it’s too late but happy new years !

be safe
Shahin Ramezany




Get Adobe Flash player