If you use Yahoo mail, better think for a minute before clicking any link in your email. Millions of Yahoo mail users have been now put at risk. If anyone wants to hijack Yahoo email account, there is a new exploit available for you…at a price!
A new exploit is on sale at $700 by an Egyptian hacker ‘The Hell’. This new exploit will allow anyone to hijack a Yahoo mail account easily. The hacker has also posted a demo video showing the process to hijack any Yahoo mail account using this exploit.
This exploit is being sold on Darkode Cybercrime forum and the demo video is also posted on the same website. Along with the millions of users all around, Yahoo has also notified about it and is looking for the loop hole in its security system.
This exploit allows a hacker to steal the Yahoo cookies and to take the complete control over the account. All it takes is victim’s click on a malicious link sent through the email. Once the user click the malicious link, this exploit gives the complete control of the Yahoo email account to the attacker. The attacker then can redirect the user anywhere he/she wants.
Explaining the exploit the Egyptian hacker ‘The Hell’ says:
I’m selling Yahoo stored XSS that steal Yahoo emails cookies and works on ALL browsers,” the hacker explained. “And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!
According to Yahoo professionals this flaw is easy to fix but very tough to find. The flaw is supposed to be set off by a URL and is thus hard to trace. Yahoo officials are however promising a quick fix of this problem, reports Mashable.
Demo Video Of Yahoo XSS Exploit
So if you are a Yahoo! Mail user, you may want to be a bit more careful now.