hyperic
+ Reply to Thread
Results 1 to 14 of 14

Thread: Yahoo Mail Authentication Bypass

  1. #1
    Join Date
    Aug 2006
    Posts
    5

    Post Yahoo Mail Authentication Bypass

    Yahoo Multiple Vulnerabilities

    Various Yahoo! services are vulnerable to authentication bypass, session
    binding, weak cookie encoding, cross-site scripting file inclusion and url
    redirection vulnerabilities, which is caused due to improper validation of
    user-supplied inputs.

    *. Authentication Bypass and Session Binding Vulnerability.
    A malicious user can log on to the yahoo without submitting the username
    and password by constructing a malicious URL using cookies.
    2. Cookie Encoding Security Weakness
    *. Cross-Site Scripting.
    4. URL redirection.

    Full Story in [URL="http://www.xdisclose.com"]http://www.xdisclose.com[/URL]


    _________________________________________________________________

  2. #2
    Join Date
    Sep 2005
    Posts
    2,050
    This is a serious threat to yahoo users' privacy, just click this link and you bypass any sort of authentication to get into a test account:

    [url]http://msg.edit.**********/config/reset_cookies?&.y=Y=v=*%26n=0kvgvgv*qlf**%26l=i42.j4ij/o&.t=T=sk=DAAq25kB4yjEbw%26d=c2wBTlRVMUFUSTFNVEl4TXpnNU5EVS0BYQFRQUUBdGlwAVNQZHhvQgF6egExemt6RUJnV 0E-&.done=http%*a//mail.**********[/url]

    Now why do I know this (interesting) thread will get NO replies, while the 'password hacking requests here' will get 20 more posts from retarded kids.

  3. #3
    Join Date
    Mar 2006
    Posts
    122
    Oh shit, it worked. Wow...I didnt realize it, till I did it...

    This is sad....

    T

  4. #4
    Join Date
    Aug 2006
    Posts
    3
    Wow...thats crazy....man....

  5. #5
    Join Date
    Aug 2006
    Posts
    3

    What does it exactly mean

    Hey Mike,

    When I clicked on the link it just gave me a login page. What exactly did u mean by bypass of authentication process.

    Please let me know.

    Thanks.

    Hack Victim

  6. #6
    Join Date
    Aug 2006
    Posts
    3

    What does it exactly mean

    Hey Toast and Icecold,

    Please let me know what did u mean when u said it worked. for me its just giving me a login page. I need to know this as it might help me regain access to my hacked account. Please let me know.

    Thanks.

    D

  7. #7
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by hack_victim*00
    Hey Mike,

    When I clicked on the link it just gave me a login page. What exactly did u mean by bypass of authentication process.

    Please let me know.

    Thanks.

    Hack Victim
    They probably fixed it now. But it only logged into the account because the user's encrypted password or whatever was included in the URL. You are not gonna get into someone's account with this, even if they didn't fix it.

  8. #8
    Join Date
    Mar 2006
    Posts
    122
    I was wondering if it is possible to mimic the little security lock when making a fake login page. You know the off color url box and the lock….
    I was thinking it is possible but I’m not sure.

    ~Thanks~ Toast

  9. #9
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by toast
    I was wondering if it is possible to mimic the little security lock when making a fake login page. You know the off color url box and the lock….
    I was thinking it is possible but I’m not sure.

    ~Thanks~ Toast
    Not the off color address bar (which is only in firefox, isn't it? I haven't used IE in so long now...), but you could possibly mimic the security lock with a custom favicon. I don't know if the alignment would be right (and it would only look correct in the browser which you took the icon from), but it's worth investigating.

    I can provide more info on what favicons are, but i'm too busy right now. [URL="http://en.wikipedia.org/wiki/Favicon"]Wikipedia can though[/URL].

  10. #10
    Join Date
    Mar 2006
    Posts
    122
    Cool, thanks! (and yes for the color bar in firefox; I dont use IE anymore either...)
    I'll do some more digging.
    ~T

  11. #11
    Join Date
    Sep 2005
    Posts
    2,050
    Well, immediately after I posted yesterday I realized that favicons are placed on the LEFT side of the address bar; and firefox shows the 'padlock icon' on the right of the address bar, and IE shows it right at the bottom-left of the browser.

    Oh, and favicons are the little icons websites show, and are placed to the left of the URL in the address bar. All-nettools.com has one, with an 'i' in it.

    In conclusion - using a favicon to show a fake padlock icon will only fool dumb internet users. Which is actually most of the population, according to a phishing report I read a couple of days ago.

  12. #12
    Join Date
    Mar 2006
    Posts
    122
    lol, Thanks Mike.


  13. #13
    Join Date
    Aug 2006
    Posts
    5
    The advisory is removed from the site.

  14. #14
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by ddlmail
    The advisory is removed from the site.
    [URL="http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060620/0*a*8*05/XD*0000*.txt"]Google found the document in another location.[/URL]

+ Reply to Thread

Similar Threads

  1. Yahoo ID stolen by fake yahoo page
    By CS-LAND in forum Internet Privacy
    Replies: 0
    Last Post: 12-22-2005, 08:47 AM
  2. does anyone know a way to bypass superscout?
    By Unregistered in forum Internet Privacy
    Replies: 5
    Last Post: 06-22-2005, 08:42 AM
  3. yahoo.co.in mail account not working...pls help
    By kavikarthik in forum Internet Privacy
    Replies: 1
    Last Post: 02-26-2005, 02:50 PM
  4. SYMPA send anonymous mail to HOTMAIL & YAHOO
    By fE¨·.·¨Er in forum Proxies and Firewalls
    Replies: 12
    Last Post: 01-06-2003, 07:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts