AOL’s Web Site and XSS

Today I received a phishing e-mail at one of my many (many) free Yahoo! e-mail accounts that somehow cleared all of their spam algorithms. Interestingly enough, the link inside the message was to a legitimate AOL landing page. However, it was a redirect page that sent me on to a phishing site [site removed]. I have run into this various times on a couple of client projects, and it is just interesting (and worrisome) to see it happen so blatantly on other high-traffic web sites. Here is the redirect link (notice that I am appending my URL to the end of the query string):

I attempted to locate the appropriate abuse contact at AOL, but unfortunately I do not have the time, nor the patience, to rummage through their site to locate their security advisers. So I will just have to notify another security expert as soon as I have time to actually figure out who that would be.
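What the post describes is an open redirect (an unvalidated redirect parameter), which is why a phishing link can carry a trusted host name and still land the victim on the attacker's page. The following is an added example, not code from the post or from AOL: it extracts the redirect target from a constructed link of the shape described above, shows the trusting handler beside a hardened one, and covers the bypasses that a naive "starts with /" or "contains our domain" check misses (scheme-relative `//host`, `///host`, userinfo `ours@evil`, backslashes, and `https:host` with no authority). The origin, host allow-list and parameter name `url` are assumptions for the example.

```python
from urllib.parse import urlsplit, urljoin, parse_qs

# Assumptions for this example (not AOL's real site or parameter names):
# the landing page lives on SITE_ORIGIN and its redirect parameter is "url".
SITE_ORIGIN = "https://www.example.com"
ALLOWED_HOSTS = {"www.example.com", "example.com"}
REDIRECT_PARAM = "url"


def redirect_param_from_link(link: str, name: str = REDIRECT_PARAM) -> str:
    """Pull the redirect target out of a link's query string, the way the
    phishing mail abuses the landing page: the target is whatever the
    attacker appended to the query string."""
    query = parse_qs(urlsplit(link).query)
    return query.get(name, [""])[0]


def vulnerable_redirect_target(param: str) -> str:
    """The open-redirect pattern: the handler trusts the parameter outright,
    so a link to the legitimate site bounces the victim anywhere."""
    return param


def is_safe_redirect_target(param: str) -> bool:
    """Return True only if `param` resolves to a page on our own site."""
    if not param or param != param.strip():
        return False
    # Backslashes and control characters are normalized by browsers
    # (e.g. "/\\evil" becomes "//evil"), so reject them outright.
    if "\\" in param or any(ord(c) < 0x20 or ord(c) == 0x7F for c in param):
        return False
    try:
        parts = urlsplit(param)
    except ValueError:
        return False
    # Absolute URL, or scheme-relative ("//evil.example"): host must be ours,
    # scheme must be http(s), and no userinfo trick ("https://ours@evil").
    if parts.netloc:
        if parts.scheme not in ("", "http", "https"):
            return False
        if parts.username is not None or parts.password is not None:
            return False
        return (parts.hostname or "") in ALLOWED_HOSTS
    # A scheme with no authority ("https:evil.example", "javascript:...")
    # is not a same-site path; browsers will happily follow it.
    if parts.scheme:
        return False
    # Site-relative path: exactly one leading slash ("///evil" resolves to
    # https://evil in browsers even though urlsplit sees no netloc).
    return param.startswith("/") and not param.startswith("//")


def safe_redirect_target(param: str) -> str:
    """Hardened handler: allow-listed targets are resolved against our
    origin; anything else falls back to the site root."""
    if is_safe_redirect_target(param):
        return urljoin(SITE_ORIGIN, param)
    return SITE_ORIGIN + "/"


if __name__ == "__main__":
    # Constructed link in the shape the post describes: legitimate host,
    # attacker's URL appended to the query string.
    phish = "https://www.example.com/landing?campaign=x&url=https://phish.example/login"
    target = redirect_param_from_link(phish)
    print("vulnerable ->", vulnerable_redirect_target(target))
    print("hardened   ->", safe_redirect_target(target))
```

The hardened handler deliberately parses the parameter rather than string-matching it: a substring check for the trusted domain is defeated by `https://www.example.com@phish.example/` and `https://www.example.com.phish.example/`, both of which `is_safe_redirect_target` rejects. Where the site only ever needs to send users to its own pages, the stronger fix is to accept no URL at all and redirect by an opaque key looked up server-side.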


