From: acz [iSecureLabs] (aurelien.cabezon iSecureLabs.com)
Date: Thu Sep 13 2001 - 10:08:09 CDT
--[ Yahoo's French Web Site vulnerable to Cross Site Scripting ]--
Problem discovered: 28/08/2001
by Cabezon Aurélien | aurelien.cabezon iSecureLabs.com | http://www.iSecureLabs.com
--[ Overview ]--
Yahoo is a well-known news portal.
The French Yahoo News portal suffers from a Cross Site Scripting
vulnerability.
--[ Description ]--
French Yahoo's web site may inadvertently include malicious HTML tags or
script in a dynamically generated page based on unvalidated input from the user.
The search script http://fr.search.yahoo.com/search/news_fr no longer checks
for malicious HTML or JavaScript code.
Example:
http://fr.search.yahoo.com/search/news_fr?p=&nice=
><hr><hr><hr><h1>Vulbér
abilité%20sur%20Yahoo!!!
</h1><hr><hr><hr>%3Cscript%3Ealert(%22C%20est%20une%20vulnerabilite%20de%20t
ype%20cross%20site
%20scripting%22);%3C/script%3E&z=date&n=10
Screen Capture:
http://www.isecurelabs.com/advisory/yahooooooo2.gif
http://www.isecurelabs.com/advisory/yahoooooooo.gif
--[ Fix ]--
Yahoo has been alerted and has fixed it.
--[ Information about CSS ]--
http://httpd.apache.org/info/css-security/apache_specific.html
http://www.cert.org/advisories/CA-2000-02.html
---
Cabezon Aurélien | aurelien.cabezon iSecureLabs.com
http://www.iSecureLabs.com | French Security Portal
http://www.iSecureLabs.com/advisory | Advisory folder
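
Added example, not part of the advisory and not Yahoo's code: the class of flaw described above (unvalidated input echoed into a dynamically generated page) shown beside the output-encoding fix. The results template, the function names and the placement of the script text in the "p" parameter are assumptions made for illustration.

```python
import html
from urllib.parse import unquote_plus

# Constructed sample: the script part of the advisory's example URL, placed in
# the "p" parameter (an assumption), followed by the z and n parameters.
SAMPLE_QUERY = (
    "p=%3Cscript%3Ealert(%22C%20est%20une%20vulnerabilite%20de%20type"
    "%20cross%20site%20scripting%22);%3C/script%3E&z=date&n=10"
)

# Hypothetical results template (not Yahoo's markup): the search term is echoed
# once as an attribute value (search box) and once as element text (heading).
TEMPLATE = '<input name="p" value="{box}">\n<h2>Results for {heading}</h2>'


def query_param(query, name):
    """Return the URL-decoded value of the first parameter called `name`."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == name:
            return unquote_plus(value)
    return ""


def render_unvalidated(term):
    """The flaw the advisory describes: input copied into the page as-is."""
    return TEMPLATE.format(box=term, heading=term)


def render_encoded(term):
    """Output encoding: <, >, & and both quote characters become entities."""
    safe = html.escape(term, quote=True)
    return TEMPLATE.format(box=safe, heading=safe)


def injected_markup(page):
    """True if the page has more tag or quote characters than the bare template."""
    skeleton = TEMPLATE.format(box="", heading="")
    return any(page.count(c) != skeleton.count(c) for c in '<>"')


if __name__ == "__main__":
    term = query_param(SAMPLE_QUERY, "p")
    for render in (render_unvalidated, render_encoded):
        page = render(term)
        print(render.__name__, "-> injected markup:", injected_markup(page))
        print(page, end="\n\n")
```

Encoding at output time covers both the attribute and the element-text context here because quote characters are escaped as well as angle brackets.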