E Hacking News [ EHN ] - The Best IT Security News | Hacker News

Subscribe to my RSS

EHN
Cyber Crime
Vulnerability
Malware
IT Security
Hacker News
Spam
Defacements
Database Leaked

Follow @EHackerNews

Showing posts with label QuisterTow. Show all posts

Today, Information Security Researcher QuisterTow come with interesting vulnerability finding in one of Top Search Engine website, Yahoo.

There is a cross site scripting vulnerability resides in the hk.promotions.yahoo.com domain. The vulnerability is click based xss . When i click the flash, it will display the xss code.

Poc code:

http://hk.promotions.yahoo.com/wedding2010/home_banner.swf?clickTAG=javascript:alert(/ E Hacking News /);

The above finding is really interesting one. Just load the url and click in the flash content and it results in the code being executed.

At the time of writing, the vulnerability is still there .

Older Posts Home

Recent Posts
Comments

Become a Fan

Get Latest news at Your Email

Enter Your Email:

Subscribe to our RSS Feeds!

Follow Us on Twitter!

Add me in Google +

Funny Forward Mails
Debugging Questions in Java

COPYRIGHT 2012 by EHN. | Read our Privacy Policy