XSS-ekploit steals user cookies to log in to your account up and running in all the web-browsers.
Egyptian hacker sells XSS-exploit Yahoo! Mail for $ 700. Hacker published “promotional” video, which clearly demonstrates the effect of the exploit users. A copy of the video made by Brian Krebs, and placed it on the resource YouTube.
By recording says that XSS-ekploit steals user cookies to log in to your account and works in all the web-browsers.
“I sell XSS-exploit Yahoo, who steals cookies to log in to your email account users and works on all browsers, – the hacker. – You do not need to bypass the XSS-filters in IE or Chrome, as ekploit uses stored XSS-vulnerability. Prices for these exploits range from $ 1100 to $ 1500, while I offer it for $ 700. Selling only to trusted people, because I do not want to dent fixed soon. “
Brian Krebs reported on his blog that he was associated with the Yahoo!, who said that analyze the information. Company experts are trying to find the exact URL-address, which triggers the exploit.
“Correct gap is easy because most XSS eliminated by simply replacing the code. When we find a vulnerable URL-address we will be able in a few hours to run the new code, “- said Ramses Martinez, head of security Yahoo!.
Links:
http://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/
http://news.softpedia.com/news/Hacker-Sells-Yahoo-Mail-Zero-Day-for-700-550-Video-309205.shtml