Yahoo! Statistics cross-site scripting vulnerability
Added: 07/15/2008   Published: 07/15/2008

Vulnerability description: the Yahoo! statistics service is widely embedded in websites for visitor tracking and for analyses such as traffic sources and per-page visit counts; details are available at http://tongjia.yahoo.cn. 80sec found that this service contains a serious vulnerability that can lead to theft of user information and to takeover of the affected user's Yahoo! ID, and with it access to other services including mail.yahoo.cn.

Vulnerability cause: the statistics service does not apply the necessary filtering to parameters submitted by visitors, so a malicious user can submit carefully crafted data that is later displayed in the site owner's management panel. For example, the visited address (URL) is stored without filtering and rendered in the back end, which makes a stored cross-site scripting attack possible. In addition, because Yahoo! does not adequately protect the user's authentication information, a malicious user can obtain that sensitive data and then, exploiting a flaw in Yahoo!'s authentication mechanism, use the victim's identity to access other services such as mail.yahoo.cn.

Vulnerability test: on a site that has the Yahoo! statistics code installed, request the following address:

http://www.foosite.com/index.php?"><script>alert(.)</script>

The payload then fires in the page-visit analysis view of foosite's Yahoo! statistics control panel. By injecting malicious JavaScript this way, an attacker can obtain the webmaster's identity and carry out further dangerous operations. 80sec has tested this successfully.
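The defect described above is an output-encoding failure: the logged visit URL is dropped into the panel's HTML unescaped. The following added example (not 80sec's or Yahoo!'s code; the row layout, the `alert(1)` sample URL and all function names are constructed assumptions) contrasts the vulnerable rendering with a hardened version that escapes for both the attribute and text context and refuses to link non-http(s) schemes.

```python
import html
from urllib.parse import urlparse

# Constructed sample of what an analytics back end might have logged:
# the page URL is taken from the visitor's request, so it is attacker-controlled.
LOGGED_VISIT_URL = 'http://www.foosite.com/index.php?"><script>alert(1)</script>'


def render_row_vulnerable(url: str) -> str:
    """Unsafe rendering: the logged URL is interpolated raw into the panel HTML.
    The '">' prefix in the sample closes the href attribute and the <script>
    tag that follows is then parsed as markup in the webmaster's browser."""
    return '<tr><td><a href="%s">%s</a></td></tr>' % (url, url)


def render_row_hardened(url: str) -> str:
    """Hardened rendering: HTML-escape the value (quote=True also escapes
    double and single quotes, which matters inside an attribute), and only
    emit a hyperlink for http/https URLs so javascript: or data: schemes
    never reach an href."""
    safe = html.escape(url, quote=True)
    scheme = urlparse(url).scheme.lower()
    if scheme in ("http", "https"):
        return '<tr><td><a href="%s">%s</a></td></tr>' % (safe, safe)
    return "<tr><td>%s</td></tr>" % safe


def contains_injected_markup(rendered: str) -> bool:
    """Coarse check used to compare the two renderers: a raw <script tag
    in the output means the logged value was interpreted as HTML."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_row_vulnerable),
                           ("hardened", render_row_hardened)):
        out = renderer(LOGGED_VISIT_URL)
        print(name, "injected" if contains_injected_markup(out) else "safe")
        print("  ", out)
```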

Vulnerability fix: the vendor has already fixed the issue.

Vulnerability timeline:
6.13 80sec discovers the vulnerability
6.13 80sec reports it to the vendor
6.16 vendor fixes the vulnerability
6.18 advisory published

