
Yahoo Mail hijacking exploit available for $700

An Egyptian hacker, “TheHell”, is selling an exploit for $700 that allows individuals to hijack a Yahoo! email account.

The method is shown off in a video that was posted on YouTube. A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts. For the exploit to work, the victim must click on a malicious link. Upon doing so, the user’s cookies will be stolen and he or she will be redirected back to the Yahoo! email home page.
"I'm selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers," "TheHell" explained. "And you don't need to bypass IE or Chrome xss filter as it do that itself because it's stored xss."

Yahoo! has been notified and is looking for the security hole, which it says can be fixed in a few hours once discovered. The company says this XSS flaw falls into the category of a stored vulnerability, which inserts malicious code into a file, database, or back-end system. The malicious script is then retrieved from the server when a victim's browser requests the stored information.
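The stored-XSS pattern described above, seen from the defending side, as an added example that is not code from Yahoo! or from the article: a stored field rendered as markup versus encoded at render time, plus a session cookie marked HttpOnly so page script cannot read it. All function names, the cookie name and the sample record are hypothetical and constructed for illustration.

```javascript
// Added example: constructed data, hypothetical names throughout.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": stored fields are concatenated into the page as markup, so any
// tag saved in the back end is executed by every browser that loads the page.
function renderMessageUnsafe(msg) {
  return `<div class="msg"><h2>${msg.subject}</h2><p>${msg.body}</p></div>`;
}

// "After": every stored field is encoded when it is written into the page.
function renderMessageSafe(msg) {
  return `<div class="msg"><h2>${escapeHtml(msg.subject)}</h2>` +
         `<p>${escapeHtml(msg.body)}</p></div>`;
}

// Build a Set-Cookie value for the session. HttpOnly keeps the cookie out of
// document.cookie, Secure restricts it to HTTPS, SameSite limits cross-site sends.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed record standing in for what the server has stored.
const storedMessage = { subject: 'Invoice', body: '<script>alert(1)</script>' };

function demo() {
  return {
    unsafe: renderMessageUnsafe(storedMessage),
    safe: renderMessageSafe(storedMessage),
    cookie: sessionCookieHeader('sid', 'constructed-session-id'),
  };
}

console.log(demo());
```

Browser-side reflected-XSS filters do not help here because the script arrives in the server's own response, which is why the encoding has to happen where the stored value is rendered.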
