by r0t, der4444, cembo, VietMafia

Monday, April 17, 2006

Vulnerability on yandex.ru, yahoo.com and others

This vulnerability can mostly be used in phishing attacks...
Just look at the screenshot:


In the screenshot you see just my email address, but there could be anything else, such as a redirect to an attacker's host.

So an attacker only has to put HTML like my example in the mail body:

(?
(TABLE border="1" cellspacing="1" cellpadding="0">
(tr>Please contact administrator (a href=r0t@r00t.it>r0t@r00t.it(/a>
(/table>
(TABLE border="1" cellspacing="1" cellpadding="0">
(tr>Hi victim!(/tr>
(/table>

Note: of course, change "(" to "<".


So, it works on yandex.ru, yahoo.com (already reported and will be fixed soon) and many other email services.
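
A defensive check for the pattern above, as an added example that is not part of the original post: it walks an HTML mail body and flags links whose target has no http/https/mailto scheme (as in the snippet's `href=r0t@r00t.it`) or whose visible text names a different host than the href. The `mail.example` and `attacker.example` values, the verdict labels and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host-like token in visible link text: a URL host or the domain of an address.
HOST_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def href_host(href):
    """Host a link really points at (mail domain for mailto: links)."""
    u = urlparse(href.strip())
    if u.scheme == "mailto":
        return u.path.rpartition("@")[2].lower()
    return (u.hostname or "").lower()

def check(href, text):
    """Return (href, text, verdict) for one anchor."""
    if urlparse(href.strip()).scheme.lower() not in ("http", "https", "mailto"):
        # Scheme-less (resolved relative to the webmail page) or a non-web scheme.
        return (href, text, "no-web-scheme")
    shown = HOST_RE.search(text)
    if shown and shown.group(1).lower() != href_host(href):
        return (href, text, "text-target-mismatch")
    return (href, text, "ok")

class LinkAudit(HTMLParser):
    """Collects one finding per <a> element in a mail body."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.findings.append(check(self._href, "".join(self._text).strip()))
            self._href = None

def audit(html_body):
    parser = LinkAudit()
    parser.feed(html_body)
    parser.close()
    return parser.findings

# Constructed sample: the post's snippet with "(" restored to "<", plus two made-up links.
SAMPLE = ('<TABLE border="1" cellspacing="1" cellpadding="0"><tr>Please contact '
          'administrator <a href=r0t@r00t.it>r0t@r00t.it</a></table>'
          '<p><a href="http://login.attacker.example/">http://mail.example/login</a></p>'
          '<p><a href="mailto:helpdesk@mail.example">helpdesk@mail.example</a></p>')
```
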


 
Copyright (c) 2006 Pridels Sec Crew