lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4b6ee931041006135871c883b@mail.gmail.com>
From: xploitable at gmail.com (xploitable)
Subject: Yahoo! Spam Attack Mailers

Should I bother naming the Yahoo! service anymore or just start
listing the mailers.

mailer3.bulk.scd.yahoo.com is vulnerable to be used to attack Yahoo!
mail network and by the way it seems all the bulk mailers are
vulnerable.

I would imagine all the way up the numbers, such as mailer1, mailer2,
mailer3 and so on.

This one is used when a user clicks on a "Add to My Yahoo!". The
service allows Yahoo! consumers to add an RSS Yahoo! module to a
consumers My Yahoo! page. A link is then available for the consumer to
send the same module to a friend.  Also Yahoo! News "E-mail this story
to a friend" uses the same bulk mailer.

All vulnerable to be used to attack Yahoo! Mail accounts. Mail will
goto the inbox and not the bulk mail folder. Allowing a malicious user
to very quickly flood inbox with repeated My Yahoo! RSS module links
or Yahoo! News story links.

Example for My Yahoo! RSS module mail to a friend page:
http://mtf.news.yahoo.com/mailto?url=http%3a//e.my.yahoo.com/config/cstore%3f.opt=content%26.node=1%26.sid=171771&title=Choose+Content&prop=mycstore&locale=us&h1=ymessenger+at+Yahoo!+Groups&h2=n3td3v&h3=http%3a//my.yahoo.com

Example for Yahoo! News story link mail to a friend page:

http://mtf.news.yahoo.com/mailto?url=http%3a//story.news.yahoo.com/news%3ftmpl=story%26u=/ap/20041006/ap_on_re_mi_ea/us_iraq_weapons&title=U.S.+Report+Finds+No+Evidence+of+Iraq+WMD%0a&prop=dailynews&locale=us&h1=ap/20041006/us_iraq_weapons&h2=T&h3=540

-- 
http://www.geocities.com/n3td3v


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ