lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
From: xploitable at gmail.com (n3td3v)
Subject: Yahoo Messenger. Yahoo Mail vulnerable

Yahoo today introduced a year 10 promotion to allow users to buy a
free ice cream, and view propaganda on the last 10 years of Yahoo.

The location http://birthday.yahoo.com/netrospective/ has e-mail to
friend functionality. This e-mail to friend form offers no protection
to Yahoo Messenger or Yahoo! Mail users. A very evil and malicious
user can flood a Yahoo! Mail users inbox with non-stop e-mail
messages. Repeated messages usually goto the bulk folder
automatically. This mail to friend funtion at
http://mtf.news.yahoo.com/mailto?url=http%3A%2F%2Fbirthday.yahoo.com%2Fnetrospective%2F&title=Yahoo!+Happy+10th+Birthday&prop=birthday&locale=us
by-passes all Yahoo mail spam filters. Whats more is, if the victim is
a kean user of the Yahoo! Messenger service, you can bomb the victim
with non-stop dialog popup boxes notifying you of new mail, because
the spamed messages all goto the inbox, where the Yahoo! Messenger
mail notifier keeps an eye on. On a wider pciture of things, a very
evil and malicious user can slow down Yahoo's mail hardware by using
your harvested e-mail addresses you've been using for phishing on
Yahoo! Mail network. Yahoo! corporate mail is also effected by this
spam vulnerability. A very evil and malicious user can bring Yahoo's
internal mail system to a crawl, with your bot net, you were using to
make money from mareters who were paying you to spam inboxes with
under normal money manking circumstances.

Thanks for your time security community

n3td3v once again shows up Yahoo's bad security management. Heres to
another ten years!!!

This is my security list, its better than FD!! ;-)
http://groups-beta.google.com/group/n3td3v

My last advisory was the Google Groups script injection vulnerability.

Powered by blists - more mailing lists