This vulnerability was found to be lucky. I carefully studied the yahoo Mail vulnerability and found it to be a yahoo zero-day vulnerability in, part of the cause of this vulnerability should be due to the negligence of Yahoo security personnel and insufficient consideration for fixing the previous 0-day vulnerability.
Detailed description:
The vulnerability is generated at the attachment name of the email, which is similar to the earlier version of Yahoo!'s automatic resolution Vulnerability (0day. Step 1: Construct a Cross-Site Script (I wrote a mail applet to facilitate the test, so it won't be shown if it looks ugly ), add an attachment and add your own test script after the attachment name. The structure is as follows: xxx.txt <iframe src = http://qq.com> send to your test Yahoo Mail; Step 2: after receiving the email, click the "My attachments" option in the mailbox list to see the following:
Step 3: Click the attachment icon, as shown in:
The results are quite clear. Yahoo does not know how to find the "My attachments" option in the new version, so I did not perform the test again.
Step 4: shout out when to send rank to such mailboxes .....
Www.2cto.com
Solution:
A few years ago, after Yahoo!'s 0day, you have already had a very well-developed solution, so I won't talk about it here.
Author: wanglaojiu