That
doesn't work any more.
Another one, for Internet Explorer however does work that i found the
other day.
Send
yourself one using my POC :)
or
php0t
/ zorro.hu
-----Original Message-----Hi folks:
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wac
Sent: Thursday, June 15, 2006 5:51 AM
To: David Loyall
Cc: [email protected]; [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] Vunerability in yahoo webmail.
Can I get this file somewhere else? Like a web site or something. This gmail thing detects it as a virus. I doub't yahoo will let it pass still, that's wht i don;t ask anyne to send it to me ;). I wonder who asked to have an stupid scanner in the e-mail that you can't disable. I don't even have one on my computer!!! Anyway I understand I'm not common kind of people ;). Thanx in advance.
Waldo
On 6/12/06, David Loyall <[EMAIL PROTECTED]> wrote:Hello, all.
I just received an email with an html attachment, on a yahoo account.
When I opened the mail, yahoo automatically displayed the html, and executed the code within. What the hell. =) It forwarded the message to my contacts list, (or some other set of addresses, dunno,) and redirected my browser to a website.
I'm of to a BBQ, and I don't care about yahoo. So I'm not even going to read the code and see how this happens. I'm attaching the html file as a text file. Enjoy!Oh, I've CC'd [EMAIL PROTECTED], but if someone else would give them a proper write-up, and encourage them to close the hole, that'd be wonderful.
Cheers,
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
