Thursday, January 27, 2022

Yahoo Zero-Day selling for $700

An exploit selling for $700 on an underground site might put millions of Yahoo Mail users in danger of having their e-mail account hijacked and their browsers redirected to malicious sites, most likely exploit packs.

Marketed by an Egyptian hacker on a underground forum, the exploit aims at cross-site scripting (XSS) exposure in that permits attackers to steal and replace tracking cookies, in addition to read and send e-mail from a victim’s account.

Commonly, an attacker will encrypt a malevolent link in e-mails; the script is executed when the unsuspecting recipient clicks on the link, allowing admittance to the cookies and other sensitive information.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …