- This topic has 2 replies, 2 voices, and was last updated 22 years ago by
.
Viewing 3 posts - 1 through 3 (of 3 total)
-
Posts
-
The Yahoo! authentication process allows an attacker to inject script that is executed in yahoos domain after the user supplys their password and username
Proof of concept is available here:
http://www.zapthedingbat.com/security/ex03/vun1.htmyou dont have to used run the proof of consept if you feel its unsafe. non the less its important to be aware that the security vulnrability exists for your safty in future.
If you are un happy running the Proof of consept on my wabsite you can used the documentation to run test it from your local computer or on another server.
Viewing 3 posts - 1 through 3 (of 3 total)
- You must be logged in to reply to this topic.