Skip to main content

Yahoo account exploit selling on black market

posted onNovember 28, 2012
by l33tdawg

Yahoo is investigating the claims of a hacker who is selling an exploit that apparently hijacks Yahoo mail accounts.

"The exploit, being sold for $US700 by an Egyptian hacker on an exclusive cybercrime forum, targets a cross-site scripting (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users," wrote Brian Krebs, a noted security blogger who reported the illegal offer to Yahoo.

"Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page."

Source

Tags

Yahoo Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th