Cross Site Scripting: PoC in Yahoo Mail.

The attacking program could obtain your entire address-book, supplementing spammers’’ lucrative database of spam victims. And thanks to Yahoo’s recent integration of instant messaging within its web-mail site, it could also send instant messages to your friends impersonating you. (“You wanna do what to me?!”) Many of your online accounts would then become vulnerable as well, since the attacker would have access to your password-resetting emails; this potentially means access to your financial accounts. All other Yahoo services that you use are also at risk, including Yahoo Photos or Flickr. Read More>>


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: