
Netcraft has exposed a vulnerability on Yahoo's site, leaving user account details open to attack. The HotJobs section of the site was being used to transmit stolen details to a remote hacker situated in the U.S.
This hacker was gathering Yahoo users' account details, enabling access to Yahoo Mail. Users did not even need to type in their user name and password; all they had to do was visit the malicious URLs on Yahoo.com.
The attack works by exploiting a cross-site scripting vulnerability, which allows the attacker to inject obfuscated JavaScript into the affected page. This script then steals the authentication cookies sent to the yahoo.com domain and passes them to another website situated in the U.S., from which the hacker gathers this information.
Yahoo was informed about this attack by Netcraft, but the HotJobs vulnerability and the malicious script were still present as of 30 October 2008. Yahoo has thanked Netcraft for pointing out this vulnerability and said that the problem is under control, though it advises users to change their passwords.
