Thursday, 7 March 2013

Stored XSS - Yandex Mail

Reported over two months ago and fixed long since: a stored XSS in the Yandex Mail service, which is covered by a bug bounty programme.

Below is the original report:

Hello there,

I just found a stored cross-site scripting vulnerability in Yandex.Mail. Here's some short info on reproducing this bug:

1) The victim gets a mail with a picture of a sweet kitteh ;) The attachment name is:

kitteh<img src=a onerror=alert(document.cookie)>hhhh.jpg

2) As you can see - the picture looks really cute - that's why the victim decides to zoom in on it. After clicking the thumbnail - the JavaScript code executes.

I attached a screenshot.

Waiting for feedback. 

Jakub Zoczek
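The bug class above in miniature, as an added example that is not part of the original report or of Yandex's code: an attachment name is concatenated straight into the preview markup, so the `<img onerror>` in the filename becomes a live element; encoding the name for both the attribute and the text context makes the browser display the string instead. The function names and the markup shape are assumptions.

```javascript
// Constructed sample: the attachment name quoted in the report.
const REPORTED_NAME = 'kitteh<img src=a onerror=alert(document.cookie)>hhhh.jpg';

// Vulnerable rendering (assumed shape, not Yandex's template): the raw
// filename is concatenated into HTML, so the tag inside it is parsed as markup
// once the preview is opened.
function renderAttachmentUnsafe(name) {
  return '<a class="thumb" title="' + name + '">' + name + '</a>';
}

// Encode the characters that can break out of a text node or a quoted attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: the same template, but the name is encoded in both the
// attribute value and the link text, so the browser shows the literal filename.
function renderAttachmentSafe(name) {
  const safe = escapeHtml(name);
  return '<a class="thumb" title="' + safe + '">' + safe + '</a>';
}

// Regression check for the template: does the produced markup contain any tag
// other than the <a> the template itself emits?
function containsInjectedTag(html) {
  return /<(?!\/?a\b)[a-z]/i.test(html);
}

// Stand-alone demonstration.
console.log('unsafe injected:', containsInjectedTag(renderAttachmentUnsafe(REPORTED_NAME)));
console.log('safe injected:  ', containsInjectedTag(renderAttachmentSafe(REPORTED_NAME)));
console.log(renderAttachmentSafe(REPORTED_NAME));
```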

