Bugtraq mailing list archives
Re: XSS on Yahoo Mail
From: Lance James <lancej () securescience net>
Date: Sun, 27 Nov 2005 15:50:15 -0800
alireza hassani wrote:
--- Will Wesley <willwesleyccna () yahoo de> wrote:
> Anyway, a solution is really quite simple. Allow users to disable HTML in their email, or why not by default?
Don't you think this is not a real solution? User must be safe to use any option and also full performances.
This HTML stuff should be allowed, but controlled - similar to on blogs. Unfortunately I have found a very bad hole in the compose mail section of Yahoo when HTML is on, but that just means that they should filter better for HTML features.
Alireza Hassani (http://www.kapda.ir)
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/