SecurityTube

Yahoo Mail XSS Vulnerability Could Affect Millions of Accounts

JB

Security researcher Shahin Ramezany developed an XSS proof-of-concept exploit that he claims puts some 400 million Yahoo Mail users at risk of having their accounts taken over.

In a video posted on YouTube last night, Ramezanydemonstrated an exploit for what he claims is a document object model-based cross-site scripting vulnerability that affects Yahoo Mail users on all current browsers. Using a maliciously crafted link, a pen-testing platform, Chrome browser add-on, and a touch of social engineering, Ramezany takes complete control of a dummy Yahoo Mail account in less than five minutes.