It was recently revealed that Yahoo Mail contained a critical XSS vulnerability that allowed a hacker to send a luring link to the victim so that when the victim clicked it, sufficient account credentials were sent to the hacker to help him overtake the victim’s account. Yahoo said it had since patched the vulnerability but that has proved wrong now.
The fresh proof-of-concept hack of the Yahoo Mail comes from Offesive Security, a security research firm. The firm claims that Yahoo only tackled a given method of exploiting the XSS vulnerability in Yahoo Mail. A hacker can gain access to a victim’s account all the same by switching to a different cross-site scripting method.
According to Jim O’Gorman of Offensive Security, “In this case, Yahoo has been provided the proof-of-concept by Shahin. They thought they had it corrected and went around releasing statements to that fact. However, and this is actually common, they corrected the specific method of exploitation that was used in the initial proof-of-concept, but did not correct the underlying flaw. Because of this, it’s possible to bypass Yahoo’s new protections with only some slight modifications.”
To substantiate its claim, the firm has released a demo video which shows how a hacker is able to gain access to a victim’s Yahoo Mail account. He does so by sending a malicious link to the victim. The victim clicks the link and it opens Yahoo’s home page, leaving the victim unaware of what has happened.
What actually happens is that the click event gathers victim’s account credentials and sends them to the hacker. The hacker tweaks them and adds them to his browser cookies which lets him directly access the victim’s account. The video below clearly shows that Yahoo still needs to do a lot to make the security of its Mail accounts fool-proof.
Source: Offensive Security
Courtesy: All Things D