
Yahoo! Mail XSS Vulnerability

Advisory Name : Yahoo! Mail XSS Vulnerability
Release Date : 2006.04.21
Application : Yahoo! web-based email service
Tested On : Microsoft IE 6.0
Discoverer : Cheng Peng Su(


Yahoo! Mail is one of the Internet's most popular web-based email solutions.


This vulnerability results from the failure of Yahoo! Mail's filtering engine to block the "expression()" syntax in a CSS attribute when a comment is used to break up the word "expression". The comment delimiters ( /* */ ) must be hex encoded so that the filter can be bypassed.

An example:


The injected code inside the CSS attribute can be used for:

-Getting cookies.
-A potential web-based e-mail worm.
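The advisory's point is that a filter which looks for the literal string "expression(" is defeated by escaping and comment tricks that IE resolves before evaluating the CSS. The following is an added defensive example, not code from the advisory or from Yahoo!: it canonicalizes a CSS value the way a lenient browser would read it (decodes backslash escapes, then strips comments) before checking for expression(), and compares that against a naive substring check. The sample values are constructed here for the test and use harmless expression(1) bodies.

```python
import re

# CSS escape: backslash + 1-6 hex digits (+ one optional whitespace char),
# or backslash + any single other character (literal escape).
_CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\n]?|\\(.)", re.DOTALL)
_CSS_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
_EXPRESSION = re.compile(r"expression\s*\(", re.IGNORECASE)


def _decode_escape(m: re.Match) -> str:
    """Turn one CSS escape sequence into the character it denotes."""
    if m.group(1) is not None:
        cp = int(m.group(1), 16)
        # NUL, surrogates and out-of-range values decode to U+FFFD.
        if cp == 0 or 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
            return "\ufffd"
        return chr(cp)
    return m.group(2)


def normalize_css(value: str) -> str:
    """Canonicalize a CSS value: decode escapes first (so \\2f\\2a becomes /*),
    then remove the comments that the decoded delimiters now form."""
    decoded = _CSS_ESCAPE.sub(_decode_escape, value)
    return _CSS_COMMENT.sub("", decoded)


def naive_filter_flags(value: str) -> bool:
    """The kind of check the advisory describes as insufficient."""
    return "expression(" in value.lower()


def contains_expression(value: str) -> bool:
    """Check for expression() on the canonical form, not the raw input."""
    return _EXPRESSION.search(normalize_css(value)) is not None


# Constructed test vectors (hypothetical, not taken from the advisory).
SAMPLES = {
    "plain": "color: red",
    "direct": "width: expression(1)",
    "comment_split": "width: exp/**/ression(1)",
    # comment delimiters written as hex escapes: \2f = '/', \2a = '*'
    "hex_escaped_split": "width: exp\\2f\\2a \\2a\\2f ression(1)",
}

if __name__ == "__main__":
    for name, css in SAMPLES.items():
        print(f"{name:18} naive={naive_filter_flags(css)!s:5} "
              f"normalized={contains_expression(css)}")
```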

Vendor status:

2006.04.01 Informed the vendor.
2006.04.03 The vendor confirmed the vulnerability.
2006.04.XX The vendor patched the vulnerability (they patched it silently).

Original advisory: 
