[Full-Disclosure] Yahoo! Spam Filter Vulnerability

From: xploitable (xploitable_at_gmail.com)
Date: 09/28/04

    To: full-disclosure@lists.netsys.com
    Date: Tue, 28 Sep 2004 18:01:28 +0100
    
    

    Yahoo! Tuesday made public a preview of its coming new and improved homepage.

    A link from Yahoo!'s homepage takes you to
    http://www.yahoo.com/promos/learn.html, where users can learn more
    about the new and improved functionality.

    On the learn.html page is a link
    http://promotions.yahoo.com/frontpage_04/ud/fp2_taf.html to invite
    friends or co-workers to view the New and Improved Homepage.

    This feature allows anyone to spam the Yahoo! Mail servers. Consumer
    or Corporate mailboxes will be flooded with repeated invites, if a
    malicious user codes a simple program to do so.

    All spammed invites do not go to the bulk folder as they should; they
    arrive in the inbox as repeated invites.

    This allows a malicious user to quickly bring the Yahoo! Mail network to
    a crawl and fill up a victim's storage space very, very quickly.

    Yahoo! were notified of a similar vulnerability for its Yahoo! Mail
    spam filters earlier this year with regard to its invite feature on
    the Yahoo! Messenger 6 IM client; it seems Yahoo! do not learn from
    past mistakes.

    For this current vulnerability, the vendor has not been contacted.

    Happy Yahoo! Mail flooding.

    Discovered today by n3td3v

    -- 
    http://www.geocities.com/n3td3v - Yahoo! Security Forum *Online*.
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
