Reporter: Pratul Agrawal
Title: Yahoo Mail DOM-Based Cross-Site Scripting
Author: Pratul Agrawal <pratulag[at]yahoo[dot]com>
Vendor: Yahoo mail, and possibly others
Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks
Tested on: Microsoft IE 7.0
The Yahoo Mail filter fails to detect script attributes in combination with
the style attribute as a tag, leaving everyone using the Yahoo Mail service
with MSIE vulnerable to cross-site scripting, including cookie theft and
relogin attacks. This is a high-risk security vulnerability because the
attacker won't have to make the victim click on any link, all he/she has
once the victim opens the email the malicious code will be executed in
This is entirely a DOM-based XSS attack: the application takes user-supplied data and feeds it directly into the API designed to show the newly created folder name in Yahoo Mail. Through this an attacker can easily perform a cookie theft attack, a site defacement attack and many more.
Steps of Exploit code:
1. Log in to Yahoo Mail with valid credentials.
2. Click on inbox.
3. Now click on Move to < create New Folder.
5. Press OK and the script gets executed. yahhhhooooo
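
The folder-name handling described above, shown as the vulnerable pattern beside a hardened one. This is an added example, not code from the advisory or from Yahoo Mail; the function names, the markup and the naming policy are assumptions made for illustration.

```javascript
// Added example: names and markup are hypothetical, not Yahoo Mail's code.

// Vulnerable pattern: the folder name is concatenated into markup that is
// later assigned to an HTML sink (e.g. element.innerHTML).
function folderLabelUnsafe(name) {
  return '<li class="folder">' + name + '</li>';
}

// Escape the five characters that are significant in HTML text and
// quoted attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: the name is encoded before it reaches the HTML sink.
function folderLabelSafe(name) {
  return '<li class="folder">' + escapeHtml(name) + '</li>';
}

// Defence in depth: allow-list validation when the folder is created.
// Assumed policy: 1-64 letters, digits, spaces, '-', '_' or '.'.
function isValidFolderName(name) {
  return typeof name === 'string' && /^[\p{L}\p{N} _.-]{1,64}$/u.test(name);
}

// In the browser the simplest fix is to avoid HTML parsing altogether:
//   const li = document.createElement('li');
//   li.textContent = name;   // treated as text, never as markup

// Constructed sample input: a folder name that contains markup.
const sampleName = '<b>Reports</b>';
console.log(folderLabelUnsafe(sampleName)); // markup reaches the page as-is
console.log(folderLabelSafe(sampleName));   // markup is rendered as literal text
console.log(isValidFolderName(sampleName), isValidFolderName('Reports 2010'));
```

Output encoding at the sink is the primary control; the allow-list only narrows what can be stored as a folder name.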