Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 28th November 2012
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,599
Default Yahoo XSS exploits going for $700

From http://h-online.com/-1758147

The latest discovery of a cross-site scripting (XSS) vulnerability on Yahoo is not particularly uncommon, but gives some insight into how exploits for vulnerabilities are priced. According to security blogger Brian Krebs, an exploit being sold by an Egyptian hacker targets an XSS vulnerability in a Yahoo service.

The Egyptian hacker is holding a sale, offering the exploit for $700 where he claims it is usually sold for $1,100 to $1,500 dollars.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 28th November 2012
Trihexagonal's Avatar
Trihexagonal Trihexagonal is offline
Port Guard
Join Date: May 2012
Posts: 16

Thanks for the heads-up.

I realize this deals with code stored on the same server, which sets it apart from a normal XSS attack, but am dubious as to how effective the exploit would be if you were using Firefox with it set to warn on redirection, with the NoScript extension, which provides some XSS protection, didn't have the site whitelisted, and didn't allow JS globally, but you can't be too careful.

I do use Yahoo email but still use the old style form which doesn't require JavaScript to be enabled.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security 90% of popular SSL sites vulnerable to exploits, researchers find J65nko News 0 26th April 2012 10:24 PM
Yahoo updates YUI JavaScript framework J65nko News 0 17th January 2011 06:16 PM
Yahoo marking spam only from mutt asemisldkfj General software and network 3 15th June 2010 10:37 PM
Yahoo! related Pidgin problems... BSDfan666 General software and network 10 28th September 2008 02:39 AM
DNS Security: Old Vulnerabilities, New Exploits with Cricket Liu crayoxide Off-Topic 8 23rd July 2008 08:09 AM

All times are GMT. The time now is 12:37 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick