Hacker “TheHell” is selling an exploit that allows individuals to hijack a Yahoo! email account. The method is shown off in a video that was posted on Darkode, where the exploit is being sold for $700, and then reposted on YouTube. Yahoo! has been notified and is looking for the security hole, which it says can be fixed in a few hours once discovered.
The zero-day exploit takes advantage of a cross-site scripting vulnerability, allowing the hacker to steal a Yahoo! user’s cookies and take control of the account. In order to work, the victim must click on a malcious link. Upon doing so, the user’s cookies will be stolen and he or she will be redirected back to the Yahoo! email home page.
Said TheHell: “I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers. And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!”
Yahoo stated that while fixing the issue will be simple enough, that can’t happen until they actually find “the offending URL.” This isn’t the first time an XSS attack has been directed at Yahoo!, however, with some recent examples of vulnerable linkes including surveylink.yahoo.com and order.store.yahoo.com. You can see a full list of XSS vulnerabilities and whether they’ve been fixed over at XSSed.com.