A hacker is capitalizing on a Yahoo! flaw that could allow email accounts to be compromised and could trick users into clicking through to malicious websites.
Brian Krebs reported last week on his blog, Krebs on Security, that an Egyptian hacker was offering this deal on an “exclusive cybercrime forum” called Darkode:
“I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers. And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!”
This is the demo of the Yahoo system.