Yahoo Mail Authentication Bypass



ddlmail
08-01-2006, 04:14 AM
Yahoo Multiple Vulnerabilities

Various Yahoo! services are vulnerable to authentication bypass, session
binding, weak cookie encoding, cross-site scripting, file inclusion and URL
redirection vulnerabilities, which are caused by improper validation of
user-supplied input.

1. Authentication Bypass and Session Binding Vulnerability.
A malicious user can log on to Yahoo! without submitting the username
and password by constructing a malicious URL using cookies.
2. Cookie Encoding Security Weakness.
3. Cross-Site Scripting.
4. URL Redirection.

Full story at http://www.xdisclose.com



Ezekiel
08-01-2006, 05:38 AM
This is a serious threat to yahoo users' privacy, just click this link and you bypass any sort of authentication to get into a test account:

http://msg.edit.**********/config/reset_cookies?&.y=Y=v=*%26n=0kvgvgv*qlf**%26l=i42.j4ij/o&.t=T=sk=DAAq25kB4yjEbw%26d=c2wBTlRVMUFUSTFNVEl4TXpnNU5EVS0BYQFRQUUBdGlwAVNQZHhvQgF6egExemt6RUJnV0E-&.done=http%*a//mail.**********

Now why do I know this (interesting) thread will get NO replies, while the 'password hacking requests here' will get 20 more posts from retarded kids.
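
For defenders reading this thread, an added example (not code from the thread, the advisory or Yahoo!) that scans constructed web-log lines for the two patterns visible in the URL above: session-cookie pairs (the `Y=` and `T=` values) carried in query parameters of a cookie-setting endpoint, and a `.done` redirect parameter pointing at a host that is not the site's own. The log lines, host names and the cookie-value heuristic are assumptions.

```python
"""Flag session cookies and off-site redirect targets carried in request URLs.

Constructed defensive example, not code from the thread or from Yahoo!.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); hosts are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2006:04:14:00 +0000] "GET /config/reset_cookies?&.y=Y=v%3D1%26n%3Dabc&.t=T=sk%3DDAAq25kB&.done=http%3A//mail.example.test HTTP/1.1" 302 0
203.0.113.6 - - [01/Aug/2006:04:15:00 +0000] "GET /config/login?.done=http%3A//evil.example HTTP/1.1" 200 0
203.0.113.7 - - [01/Aug/2006:04:16:00 +0000] "GET /ym/ShowFolder?box=Inbox HTTP/1.1" 200 0
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Heuristic (assumption): a query value shaped like 'name=body' is a cookie pair
# smuggled through the URL, as the 'Y=' / 'T=' values in the thread's link are.
COOKIE_VALUE_RE = re.compile(r'^[A-Za-z_][\w.]*=.+')
TRUSTED_HOSTS = {"mail.example.test"}  # placeholder for the site's own hosts


def analyze_target(target, trusted_hosts=TRUSTED_HOSTS):
    """Return a list of finding strings for one request target (path + query)."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for name, values in params.items():
        for value in values:
            if COOKIE_VALUE_RE.match(value):
                findings.append(f"cookie-style value in query param {name!r}")
            if name == ".done":
                host = urlsplit(value).hostname or ""
                if host and host not in trusted_hosts:
                    findings.append(f"off-site redirect target {host!r}")
    return findings


def scan_log(text):
    """Map each flagged request target to its findings."""
    report = {}
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        findings = analyze_target(m.group("target"))
        if findings:
            report[m.group("target")] = findings
    return report


if __name__ == "__main__":
    for target, findings in scan_log(SAMPLE_LOG).items():
        print(target, "->", "; ".join(findings))
```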

toast
08-01-2006, 12:26 PM
Oh shit, it worked. Wow... I didn't realize it, till I did it...

This is sad....

T

icedcold
08-17-2006, 03:04 PM
Wow... that's crazy... man...

hack_victim100
08-18-2006, 12:03 AM
Hey Mike,

When I clicked on the link it just gave me a login page. What exactly did you mean by bypass of authentication process?

Please let me know.

Thanks.

Hack Victim

hack_victim100
08-18-2006, 01:30 PM
Hey Toast and Icecold,

Please let me know what you meant when you said it worked. For me it's just giving me a login page. I need to know this as it might help me regain access to my hacked account. Please let me know.

Thanks.

D

Ezekiel
08-19-2006, 04:44 AM
> Hey Mike,
>
> When I clicked on the link it just gave me a login page. What exactly did you mean by bypass of authentication process?
>
> Please let me know.
>
> Thanks.
>
> Hack Victim

They probably fixed it now. But it only logged into the account because the user's encrypted password or whatever was included in the URL. You are not gonna get into someone's account with this, even if they didn't fix it.

toast
08-21-2006, 03:13 PM
I was wondering if it is possible to mimic the little security lock when making a fake login page. You know the off color url box and the lock….
I was thinking it is possible but I’m not sure.

~Thanks~ Toast

Ezekiel
08-21-2006, 05:58 PM
> I was wondering if it is possible to mimic the little security lock when making a fake login page. You know the off color url box and the lock….
> I was thinking it is possible but I’m not sure.
>
> ~Thanks~ Toast

Not the off color address bar (which is only in firefox, isn't it? I haven't used IE in so long now...), but you could possibly mimic the security lock with a custom favicon. I don't know if the alignment would be right (and it would only look correct in the browser which you took the icon from), but it's worth investigating.

I can provide more info on what favicons are, but I'm too busy right now. Wikipedia can though (http://en.wikipedia.org/wiki/Favicon).

toast
08-22-2006, 09:38 AM
Cool, thanks! (and yes for the color bar in Firefox; I don't use IE anymore either...)
I'll do some more digging.
~T

Ezekiel
08-22-2006, 01:20 PM
Well, immediately after I posted yesterday I realized that favicons are placed on the LEFT side of the address bar; and firefox shows the 'padlock icon' on the right of the address bar, and IE shows it right at the bottom-left of the browser.

Oh, and favicons are the little icons websites show, and are placed to the left of the URL in the address bar. All-nettools.com has one, with an 'i' in it.

In conclusion - using a favicon to show a fake padlock icon will only fool dumb internet users. Which is actually most of the population, according to a phishing report I read a couple of days ago.

toast
08-22-2006, 01:42 PM
lol, Thanks Mike.

:)

ddlmail
08-28-2006, 03:34 AM
The advisory is removed from the site. :(

Ezekiel
08-28-2006, 01:07 PM
> The advisory is removed from the site. :(

Google found the document in another location. (http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060620/0*a*8*05/XD*0000*.txt)