Chinese Sohu webmail users were susceptible to XSS attacks

Saturday, 25 September 2010

The webmail service of the NASDAQ-listed company Sohu.com Inc. suffered from a serious cross-site scripting vulnerability (corrected yesterday). Sohu.com currently ranks 46th overall in Alexa and is one of the largest Chinese search engine companies, which also offers advertising, online multiplayer gaming and other services.

The XSS bug was reported by an Iranian team called "", but it may have been known to the underground for a long time, as it is exploitable through typical, easy-to-discover XSS attack vectors.

Attackers could steal cleartext credentials from millions of registered users by injecting an iframe tag that retrieves another fake Sohu webmail login page from a remote server.  

Users have the option to choose whether or not to encrypt their login session, but either way they were still susceptible to XSS attacks.
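The iframe injection described above can be caught and neutralized on the server side. The following is an added example, not part of the original article and not Sohu's code; the host names, the `folder` parameter and the function names are assumptions made for illustration. It renders a reflected value with and without output encoding, then audits the resulting HTML for frames that load from hosts outside an allowlist.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the webmail pages may legitimately frame (constructed).
ALLOWED_FRAME_HOSTS = {"mail.example.test"}


class FrameAuditor(HTMLParser):
    """Collects iframe/frame sources that leave the allowed hosts."""

    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.allowed = allowed_hosts
        self.foreign = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame"):
            return
        src = dict(attrs).get("src") or ""
        parts = urlsplit(src)
        # Relative URLs (no scheme, no host) stay on the page's own origin.
        off_host = parts.hostname is not None and parts.hostname not in self.allowed
        odd_scheme = parts.scheme not in ("", "http", "https")
        if off_host or odd_scheme:
            self.foreign.append(src)


def foreign_frames(page_html, allowed_hosts=ALLOWED_FRAME_HOSTS):
    """Return the src of every frame that points outside allowed_hosts."""
    auditor = FrameAuditor(allowed_hosts)
    auditor.feed(page_html)
    auditor.close()
    return auditor.foreign


def render_unsafe(folder):
    # Vulnerable pattern: the request value is copied into the markup verbatim.
    return f"<div class='title'>Folder: {folder}</div>"


def render_safe(folder):
    # Output encoding turns the injected tag into inert text.
    return f"<div class='title'>Folder: {escape(folder, quote=True)}</div>"


# Constructed sample input resembling the injection the article describes.
SAMPLE_INPUT = '<iframe src="https://login.attacker.test/fake"></iframe>'

if __name__ == "__main__":
    print(foreign_frames(render_unsafe(SAMPLE_INPUT)))
    print(foreign_frames(render_safe(SAMPLE_INPUT)))
```

Because the injected markup is served by the legitimate site itself, the result is the same whether or not the session uses SSL. A `Content-Security-Policy: frame-src 'self'` response header adds a browser-enforced backstop on top of output encoding.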

Screenshot #1 Using SSL


Screenshot #2 Iframe Injection Using SSL

Sohu has been XSSed in the past

